The report Global Threat Landscape, recently published by Fortinet, one of the global leaders in cybersecurity and prepared by FortiGuard Labs, revealed that there were 2.4 billion attempted vulnerability exploits in Brazil alone during the first half of the year. Combined with several data leak cases involving major brands between January and June due to inadequate protection provided by third parties, the explosive volume increases corporate concerns about the efficiency of security offered by their business partners in the IT sector, especially regarding the use of EDR (Endpoint Detection and Response).
For Rodrigo Gazola, CEO and founder of Addee, a company with 11 years of experience in providing management, monitoring, data protection, and security solutions for IT service providers, the study once again proves that, at the pace of digital transformation worldwide, companies providing services to other businesses—and that have access to their data and the data of their clients—must significantly increase their precautions and invest more in team training, equipment updates, and, most importantly, in security layers beyond EDRs on all devices.
One of the cases that highlighted the risk of vulnerability exploitation by third parties in the first semester was that of the German company Adidas, which reported a data breach through an environment accessed by a service provider. Although the company reassured its customers by stating that more sensitive data such as credit card numbers and store account passwords were not exposed, it confirmed that other information such as names, email addresses, phone numbers, birthdates, and gender were indeed compromised.
Gazola explains that EDRs are security solutions considered the natural evolution of antivirus software, and they have gained prominence because antiviruses are no longer capable of preventing certain actions exploited by hackers.
According to him, to reduce opportunities and consequently the fraudsters’ appetite demonstrated by the Global Threat Landscape study, it is necessary to implement EDR with robust PATCH update systems and vulnerability analyses—but always alongside a Backup solution.
“More than creating the impression of security, it is essential to demonstrate in practice that the organization is prepared. Scammers only back off when they realize there’s no vulnerability to exploit. This requires discipline in applying the industry’s most advanced technologies and maturity in risk management. In cybersecurity, there’s no room for promises or good intentions: only consistent execution generates real protection and market trust,” he concludes.
