Did WannaCry change cybersecurity awareness in Mexico?

A wave of ransomware attacks shook the world in May. A program known as WannaCry locked thousands of computers, demanding bitcoins as a decryption fee. 

The incident created more awareness about cybersecurity in Mexico, according to Eduardo Rico, director of engineering at security firm Symantec. However, budget limitations are keeping some companies from implementing adequate protection. 

BNamericas: How do you see the current state of cybersecurity in Mexico?

Rico: Mexico has made important advancements to be up to date in cybersecurity matters. However, we have to acknowledge that the job is far from done as there are companies or market segments that still don't consider protecting their digital information as part of their business strategy. 

Mexico ranks second in terms of cybersecurity in Latin America, preceded by Brazil, which is a much larger market. I'd like to note that regulations are a key characteristic in countries that are more advanced in this subject. We still lack clear regulations on how to proceed in case of an infiltration or hack. There's a considerable road ahead in this regard. 

BNamericas: What are the financial costs of cybercrime in Mexico? 

Rico: That's a key issue because Mexico doesn't have exact figures so we rely on estimates. After the WannaCry incident, the costs should have gone up considerably. 

Even though we don't have exact figures for Mexico, we have followed the incident at the global level and the ransom per affected computer amounted to 300 bitcoins. By tracking the three bitcoin portfolios that were used in the incident, we determined that only 300,000 bitcoins were collected globally. Given the scope and impact of WannaCry, we find this to be a small figure. 

Compared to other Latin American markets, Mexico didn't suffer such a severe impact, as in the case of Brazil and Chile, which were the most affected markets in the region. 

BNamericas: Have you noticed a change in companies' approach to cybersecurity after WannaCry? 

Rico: WannaCry certainly raised a red flag in terms of the scope and strength of cyberattacks. At Symantec we have noticed that clients are becoming more proactive in learning about protection. 

An issue that troubles everyone is the budget companies have for cybersecurity solutions. 

Companies are open to getting more protection but their budgets don't grow at the same rate as their interest. Only those companies that see themselves at a greater risk of losing their information are the ones working to increase their annual budgets, and these companies comprise a small percentage. 

BNamericas: Which sectors are most vulnerable in Mexico? 

Rico: Malware affects companies by size rather than sector, and companies with 1,000-1,500 employees are targeted the most. 

Smaller companies have also become a target because they tend to have fewer people dedicated to IT, as they focus on their core business. That leaves these players with their guard down. 

Secondly, larger companies manage information that is considered valuable, making them an attractive target. In recent years we've noticed that smaller companies with low security levels are targeted as a way to reach the larger companies. 

BNamericas: What needs to be done for cybersecurity to become part of a company's corporate culture? 

Rico: Educating people is crucial because we need to become more aware of the risks we're exposed to on a daily basis. 

The proliferation of mobile phones and intelligent devices is facilitating access to information, yet we seldom consider the security aspect. 

Carrying out information campaigns to create awareness of the risks is necessary, and companies should actively participate in these. Additionally, the authorities need to create norms with a greater impact. 

Regarding budget limitations, the cloud has brought about schemes that are becoming more feasible for organizations of all sizes. Now companies don't have to spend large amounts on security solutions as they can pay for what they consume. 

Cybersecurity can be compared to the insurance industry, where it's increasingly common to see small business owners buying insurance to protect themselves against different contingencies even if these never happen.