Investing in information security (IS) is the most effective way to protect data and internal systems against unauthorized access and other cyber threats. With a solid and effective governance program, organizations can ensure that the three pillars of information security (integrity, availability and confidentiality) are maintained, ensuring that the company is safe from unauthorized access.
According to a study conducted by Solo Iron, a cyber security vertical of Solo Network, cyberattacks increased by 70% in Brazil in the second quarter of this year alone. To make matters worse, the same trend was seen across all of Latin America, which recorded about 53% more attacks of this type in the same period of analysis, according to another report released by Check Point Research.
Regardless of size or segment, any business can be the target of these attacks, from a small market with only two computers connected to the internet, to large industries with a global presence. Among the main reasons that explain this occurrence, it is noteworthy that many managers, especially those of small and medium-sized companies, underestimate the importance of investing in information security, believing that they are not on the radar of attackers.
However, contradicting this belief, according to Kaspersky, SMEs face 365 attack attempts per minute in Brazil but are the ones that least resort to some type of cyber insurance that protects them against these criminal actions. Being reluctant to make this investment is no longer an option, especially in the face of an increasingly globalized market, where information is a precious asset for decision making. In this context, the theft of sensitive data can lead to financial losses and other major damages.
Faced with such a risk, investing in information security (IS) and having a data governance program is the most effective way to protect data and internal systems against attacks and other cyber threats. Implementing good practices that reduce vulnerabilities in the computing environment, protect assets and thus preserve the reputation of organizations is essential.
In practice, this direction should not be limited to the incorporation of technological resources favorable to security, such as artificial intelligence (AI), which is able to analyze large volumes of data, identify behavior patterns and detect suspicious activities that may pose security risks. A well-structured governance program includes a clear and objective information security policy, in addition to conducting regular training (taught at least once a year) for all employees, a robust password policy and the implementation of access controls to corporate systems and files.
In addition to the aforementioned items, it is vitally important that organizations have basic protection mechanisms, such as a firewall, antivirus and VPN, as well as the exclusive use of licensed software that receives constant updates and so remains protected against the latest threats.
It is also important to ensure that the entire program is audited periodically by independent auditors to ensure its effectiveness and continuous evolution.
Legally, there is also the factor of the LGPD (General Data Protection Law) of 2018. Noncompliance can result in daily or simple fines, ranging from 2% of billing to R$ 50 million per infringement, in addition to the blocking of data and possible suspension of corporate activities. However, far beyond financial penalties, companies that do not comply with such standards can be subjected to a kind of “publicity of violation”, which can be disclosed on the company's official website or in other media outlets, which will certainly be a tremendous negative point for its reputation.
Being in compliance with the LGPD is an obligation of organizations in Brazil, but this ends up being a natural consequence of a well-established governance program, regular training and independent audits. Thus, the risks of companies suffering from theft or loss of data, whether through human or technical failures, are significantly reduced.
Ramon Silva is a Network Analyst at ECOVIS BSP.
Thyago Baruchi is a Partner and IT Manager at ECOVIS BSP.

