IT security, the weakest point of Mexican diplomatic missions
Mexican diplomacy lacks cyber security – Photo: File photo/EL UNIVERSAL

IT security, the weakest point of Mexican diplomatic missions

14/09/2019
13:23
Ariadna García
MexicoCity
-A +A
In addition to not being approved by the central office nor by the National Security System, communications infrastructure and security protocols are not implemented in Mexico’s Representations Abroad

Leer en español

Mexican diplomatic missions lack technological security. There are no intruders detection mechanisms in the system of neither the offices in Mexico nor abroad.

In the report made by the General Board of Information and Innovation Technologies (DGTII) of the Foreign Affairs Ministry (SRE), it was pointed out that communication infrastructure, as well as security protocols in Mexico’s Representations Abroad (RME),  are not certified with the central officer nor with the national security system of the country.

Likewise, there is an expense of over MXN $4 million a month in terms of IT security, a lack of policies and controls in the RME prevails, and security policies are not implemented in embassies.

“[There is a] lack of intruders detection mechanisms in the country and in the RME,” said the DGTII.

Last April, a hacker tweeted a link with information about the Mexican embassy in Guatemala. The hacker downloaded 4,800 documents, most of them related to the inside operation of the diplomatic representation, including its consular activities and even from the passports area.
 

Artículo

Mexico’s financial institutions are an easy target for hackers

Last April, around MXN$400 million were stolen from Mexican banks through the CNBV system
Mexico’s financial institutions are an easy target for hackersMexico’s financial institutions are an easy target for hackers

After the situation, the DGTII implemented a new security protocol to protect the information stored in the RME.

All the staff of embassies and consulates were warned that access codes to the system would be valid for 50 calendar days, so it was advised to change them every 45 days.

The most fragile. One of the most vulnerable digital systems is the one of appointments for passports.

In August 2017, the then-chief of the Municipal Liaison Office with the SRE in Tamaulipas, David González Serna, said that they detected several cases of fraud against people who paid to obtain this document.

The public officer revealed that hackers tricked people and asked them for payments, exceeding the official costs, in exchange for the passport. With the transaction, the appointment was allegedly made for the procedure, but when they arrived at the corresponding office, the fraud was revealed.
 

Artículo

Organized cybercrime increases in Mexico

Europol: Mexico showed the largest number of cyber-attacks in Latin America after Brazil
Organized cybercrime increases in MexicoOrganized cybercrime increases in Mexico

In its annual report, the DGTII alerted that Mexican diplomacy has vulnerable critical systems.

“There is not an integral security mechanism in the ministry in which security is managed in different levels,” the report highlights.

With that analysis, they developed an integrated strategy for information security, which is based on the securing of the whole system, not only in terms of technology but also of processes and data.

“The strategy will establish a line in which a government of information will be defined, which will be made up of representatives of those areas involved in the handling of information: sub ministries, embassies, and consulates, the General Board of Delegations, the General Board of Consular Affairs, the General Board of Legal Affairs, the Unit for Internal Control, and the General Board for the Protection of Mexicans Abroad,” it detailed.

In the strategy, added the DGTII, a catalogue for the classification of information will be defined, including the infrastructures considered as critical or of national security, “with the objective of performing regular inspections of risks and impact in the operation, for the implementation of those controls that maintain a minimum acceptable level for the risk they are exposed to.”
 

Artículo

92% of Mexican companies are victims of cyber-attacks

Kroll stated that 20% of cyber-attacks are due to employees’ mistakes and failing to follow security protocols
92% of Mexican companies are victims of cyber-attacks92% of Mexican companies are victims of cyber-attacks

It explained that it will also orchestrate a Security Management System in which they will establish the policies and guidelines to be followed, both centrally and internationally, by safety guidelines of the information inside each RME.

The objective is to reduce the cost of the electronic security system from MXN $4.5 million to MXN $1.8 million a month, as well as having a security management system for the information of the central offices and the RME and security in all levels.

In the proposed strategy, the DGTII also includes regular inspections to critical or essential infrastructures of the SRE to detect possible vulnerabilities and lower the risk of cyberattacks.

“There will be a team of experts, called ethical hackers, who will search for vulnerabilities,” it informed
 

Artículo

North Korean hackers behind cyber-attacks against Mexican banks

According to cyber-security firm FireEye, a North Korean group called APT38 was behind the attacks
North Korean hackers behind cyber-attacks against Mexican banksNorth Korean hackers behind cyber-attacks against Mexican banks

mp
 

Mantente al día con el boletín de El Universal