Mexico flagged as cyber hotspot

Reporting warns Mexico is now Latin America’s primary cyber target, with weak supplier defences and rising AI-driven scams creating operational and financial exposure across supply networks. That trend argues for adding cyber‑risk scoring to supplier dashboards and modeling a loss scenario for production or payment disruption. (latinamericanpost.com)

Fortinet’s threat‑intelligence team counted an enormous spike of hostile activity against Mexican networks: researchers say systems in Mexico were targeted hundreds of billions of times in 2024, and FortiGuard reported roughly 40.6 billion attack attempts in the first half of 2025 alone. (filestore.fortinet.com) (mexicobusiness.news)

A recent intrusion investigation shows how new tools change the tradecraft: an attacker used large natural‑language models — artificial intelligence programs that can generate text and computer code when prompted — to draft exploit scripts and automate data theft, yielding about 150 gigabytes of stolen government files that researchers say included records tied to roughly 195 million taxpayers. (bloomberg.com)

The mechanics behind the surge are twofold and worth naming: one, “reconnaissance” in this context means automated probing of internet‑facing services to find unpatched or exposed systems, and FortiGuard measured active scanning at roughly 36,000 probes per second; two, “credential theft” means attackers are harvesting usernames and passwords and then buying and selling those stolen logins on underground markets, a trend FortiGuard says increased about 42% year over year. (filestore.fortinet.com)

Researchers also describe a “jailbreak” pattern against chat‑based models — that is, repeated prompting to bypass the model’s safety filters so it will produce harmful code — and then using that generated code to scale intrusion and exfiltration across multiple agencies and supply partners. IBM’s X‑Force team adds that attacker activity in the region is increasingly focused on exploiting public‑facing applications and third‑party relationships, with Latin America representing about 9% of investigated incidents in 2025. (bloomberg.com) (newsroom.ibm.com)

For a finance team tracking supplier exposure, two concrete technical controls map directly to dollars: adopt continuous vendor cyber scoring (commercial platforms include SecurityScorecard and UpGuard, which provide near‑real‑time posture metrics for suppliers) and couple those scores with a quantitative cyber‑risk model such as FAIR (Factor Analysis of Information Risk), which decomposes risk into loss‑event frequency (how often an incident occurs) and loss magnitude (how much each incident costs) so scenarios produce dollar ranges via Monte Carlo simulation. (securityscorecard.com) (upguard.com) (fairinstitute.org 1) (fairinstitute.org 2)

Turn those methods into a short, slide‑ready scenario set for executives. Example template: “Packaging‑supplier outage — five production days lost”; inputs: daily revenue = $200,000, five‑day lost revenue = $1,000,000, gross‑margin loss at 32% = $320,000, incremental recovery costs range $50,000–$500,000, insurance recoverable = policy limit less retention; run Monte Carlo across outage days (1–14) and recovery costs to show a 95% loss range for cash impact and working‑capital drift. Use a parallel slide that shows each critical supplier’s live cyber score, contractual SLAs, and suggested executive action thresholds (for example: trigger emergency supplier spend authorization when a primary supplier’s score drops below a defined threshold). (cisa.gov) (filestore.fortinet.com) (fairinstitute.org)

Governance and a repeatable briefing format close the loop for the C‑suite: present (1) quantified exposure (dollar range and probability), (2) operational knock‑on metrics (expected days of production loss, inventory days‑on‑hand change, supplier payment deferrals), and (3) two clear asks (pre‑approved contingency spend and a supplier mitigation plan with SLAs and insurance recovery assumptions), then update these numbers monthly as vendor scores and threat telemetry change. Tie those slides to NIST‑aligned third‑party controls so executive decisions rest on traceable, auditable triggers rather than intuition. (fortinet.com) (csrc.nist.gov)
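The packaging‑supplier scenario above, run as a Monte Carlo simulation of the loss from one outage event. This is an added example, not taken from the cited sources: the triangular and uniform distributions, the five‑day mode, and the policy limit and retention figures are assumptions to replace with your own, and loss‑event frequency is not modeled.

```python
import random

DAILY_REVENUE = 200_000            # from the scenario template
GROSS_MARGIN = 0.32                # from the scenario template
RECOVERY_COST = (50_000, 500_000)  # incremental recovery cost range, from the template
OUTAGE_DAYS = (1, 14)              # simulated outage length range, from the template
MODE_DAYS = 5                      # assumption: headline five-day outage is most likely
POLICY_LIMIT = 1_000_000           # assumption: placeholder policy limit
RETENTION = 250_000                # assumption: placeholder retention (deductible)


def margin_loss(days):
    """Gross-margin loss for an outage lasting `days` production days."""
    return days * DAILY_REVENUE * GROSS_MARGIN


def insurance_recovery(gross_loss, limit=POLICY_LIMIT, retention=RETENTION):
    """Loss above the retention, capped at policy limit less retention."""
    return min(max(gross_loss - retention, 0.0), limit - retention)


def simulate(trials=100_000, seed=1):
    """Return sorted net cash losses, one simulated outage event per trial."""
    rng = random.Random(seed)      # seeded so the slide numbers are reproducible
    losses = []
    for _ in range(trials):
        days = rng.triangular(OUTAGE_DAYS[0], OUTAGE_DAYS[1], MODE_DAYS)
        recovery = rng.uniform(*RECOVERY_COST)
        gross = margin_loss(days) + recovery
        losses.append(gross - insurance_recovery(gross))
    return sorted(losses)


def loss_range(losses, coverage=95):
    """(low, median, high) of the central `coverage`% interval; input must be sorted."""
    tail = (100 - coverage) / 2

    def pick(p):                   # nearest-rank percentile
        return losses[round(p / 100 * (len(losses) - 1))]

    return pick(tail), pick(50), pick(100 - tail)


if __name__ == "__main__":
    low, median, high = loss_range(simulate())
    print(f"95% net loss range: ${low:,.0f} to ${high:,.0f} (median ${median:,.0f})")
```

With these placeholder insurance terms, most simulated outcomes settle at the retention amount, which shows how sensitive the cash‑impact range is to the retention and limit assumptions.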
