Explosion of attacks on vulnerabilities in the first half raises concerns about third-party risks

The report Global Threat Landscape, recently released by Fortinet, a global leader in cybersecurity and prepared by FortiGuard Labs, revealed that there were 2.4 billion attempted vulnerability exploitations in Brazil during the first half of the year alone. Combined with the numerous cases of data breaches that occurred in major brands between January and June due to inadequate protection provided by third parties, this explosive volume increases corporate concerns regarding the efficiency of the security offered by their IT business partners, especially concerning the use of EDR (Endpoint Detection and Response). 

According to Rodrigo Gazola, CEO and founder of Addee, a company with 11 years of experience in providing management, monitoring, data protection, and security solutions for IT service providers, the study once again proves that, at the pace of advancement digital transformation has been achieving worldwide, companies that provide services to other businesses and have access to their data and their clients' data need to significantly increase their precautions and invest more in team training, as well as in equipment updates and, most importantly, in having security layers beyond EDRs on all devices.

One of the cases that highlighted the risk of vulnerability exploitation by third parties in the first half of the year was that of the German company Adidas, which reported a data breach through an environment accessed by a service provider. Although the company reassured its customers by stating that more sensitive data such as credit card numbers and account passwords for in-store access were not exposed, it confirmed that other information such as names, email addresses, phone numbers, dates of birth, and gender were indeed compromised.

Gazola explains that EDRs are security solutions considered the natural evolution of antivirus programs, and they have gained prominence because antivirus software is no longer capable of preventing certain actions exploited by hackers. 

According to him, to reduce the opportunities and consequently the appetite of fraudsters demonstrated by the Global Threat Landscape study, it is necessary to implement EDR with robust PATCH update systems and vulnerability analyses, but all of this must always be accompanied by a Backup solution.

“More than creating an impression of security, it is essential to demonstrate in practice that the organization is prepared. Scammers only back down when they perceive that there is no vulnerability to be exploited. This requires discipline in applying the industry's most advanced technologies and maturity in risk management. In cybersecurity, there is no room for promises or good intentions: only consistent execution generates real protection and market trust,” he concludes.