UNODC, Scitum Join Forces to Fight Cybercrime in Mexico | #cybercrime | #infosec

UNODC and Scitum TELMEX formalize intelligence-sharing to strengthen cyber resilience in Mexico amid rising ransomware and attack volumes. The agreement aligns public and private capabilities, impacting critical infrastructure, SMEs, and regulated sectors, while reinforcing compliance, operational standards, and preparedness ahead of 2026 FIFA World Cup.

 

The United Nations Office on Drugs and Crime (UNODC) and Scitum TELMEX signed a cooperation agreement to exchange intelligence and strengthen cybercrime prevention in Mexico. This partnership aims to standardize technical and operational capabilities to protect critical infrastructure against escalating digital threats.

The formalization of this communication exchange responds to the increasing complexity of the threat landscape, where fragmented defense efforts jeopardize organizational integrity. 

“No one can achieve protection of the [digital] ecosystem alone: we all need to join forces and we need to collaborate to combat digital crimes,” says Orestes Balderas, Director of Strategy, Innovation, and Transformation, Scitum TELMEX.

This alliance allows the alignment of the operational experience of Scitum TELMEX, which possesses more than two decades of experience in threat identification and incident containment, with international regulatory frameworks. The UNODC Global Cybercrime Program drives national capacity building and disruption from an international perspective. 

This collaboration extends to common counterparts such as Mexico’s National Guard and Navy to consolidate a unified front for the disruption of illicit activities in cyberspace.

The Evolving Risk Landscape in Mexico

Mexico has become a priority target for organized cybercrime groups. According to research conducted by SCILabs, the intelligence unit of Scitum TELMEX, Mexico is the second country most affected by ransomware in Latin America. The nation accounts for 17.75% of regional attacks, occurring within a context where digital threats grew by 19.07% in previous years.

The urgency of a robust defense infrastructure is emphasized by the proximity of high-visibility events, such as the 2026 FIFA World Cup. The expanded digitalization and logistical complexity of a multiple-host format involving Mexico, the United States, and Canada increase the surface of exposure. Fortinet reports that Mexico recorded about 324 billion cyberattack attempts in 2024. During 1H25, the country detected more than 40.6 billion attempts.

For the UNODC, the integration of the private sector is critical to strengthen alliances for the investigation and prevention of cybercrime. Stacy de la Torre, Head of Office, UNODC Mexico, says that this partnership strengthens the ties necessary to fight digital illicit activities. The joint labor focuses on four operational axes:

1. Strengthening international cooperation against cybercrime.

2. Sharing knowledge and best practices.

3. Analyzing trends and emerging threats.

4. Contributing to the development of cybersecurity capacities.

The evolution of the market requires that cybersecurity transitions from a defensive cost center to a business enabler. Scitum TELMEX, for example, has redefined its strategic offering to address the fronts with the highest growth potential: industry, SMEs, and AI.

Its approach to the management of security is articulated through four service lines designed to respond to the sophistication of threat actors:

• Identity and Access Management (IAM): Identity has consolidated as the new security perimeter. Marcos Polanco, Executive Director, Corporate Governance, and CISO, Scitum TELMEX, says the concept of identity has shifted. It now includes non-human identities, such as AI agents and automated processes, which require strict operational limits.

• Operational Technology (OT) Security: The lag in the digitalization of the Mexican industry represents a critical vulnerability. The protection of industrial environments is a priority to secure national infrastructure and automated processes.

• Enterprise AI: The implementation of AI requires governance frameworks and model control. The strategy focuses on validation mechanisms and the continuous evaluation of algorithm behavior to prevent malicious exploitation.

• Cloud and Managed Services: The migration to hybrid environments requires centralized management and total visibility of network traffic.

A significant change in the market is the automation of services for SMEs. By removing technical and cost barriers through self-provisioned services and AI-based agents, the company seeks to protect supply chains. Cristina Hernández, General Director, Scitum TELMEX, says that joining forces generates more capacity for a better defense against cybercrime. 

Compliance with cybersecurity standards is a now contractual condition required by large corporations from their providers, making security a requirement for commercial competitiveness.

The 2026 World Cup Challenge

The World Cup will represent a test of resilience for the national infrastructure. The services, government, and health sectors will face specific attack vectors during the sporting event. Research from Kaspersky and Sophos indicates that attackers will exploit system saturation and the zero tolerance of consumers for interruptions.

Ketty Alvear-Porter, Country Manager, Sophos, says that the World Cup is a test of resilience rather than a mere commercial challenge. The risk increases because the event gathers millions of fans, which elevates demand peaks in short periods. Maria Isabel Manjarrez, Security Researcher, Kaspersky, says that sectors such as transportation and hospitality are key targets due to their reliance on digital infrastructure.

The critical vectors identified include:

• Automated Traffic and Bots: Saturation of transactional systems at points of sale and reservation platforms.

• AI-Powered Phishing: Kaspersky recorded 360 million phishing attacks in 2025. These utilize malicious files to compromise entire corporate networks.

• Local Configuration Compromise: The use of open Wi-Fi networks and outdated configurations in stadiums and hotels facilitates the capture of personal and banking data.

To address these challenges, specialists recommend a transition toward a consultative maturity model. This includes the implementation of robust policies that prioritize the encryption of sensitive information and the reduction of the number of individuals with access to critical data.

Manjarrez says that organizations must evaluate their internal cyber maturity and define minimum security levels. Higher access to confidential data requires greater control. Furthermore, segmenting the internal network into areas helps contain the impact of any breach and prevents lateral propagation.

Alvear-Porter suggests a preparation focused on recovery. This involves a response plan that the team knows how to implement with precision. Strategic alignment among business, technology, and risk departments ensures that each team understands its responsibilities during a crisis.

Finally, the industry is moving toward advanced technologies to anticipate future threats. Scitum TELMEX is exploring scenarios of cryptography and decryption linked to quantum computing. This anticipates a shift that could redefine digital security in the medium term.