Cyber attacks are happening more frequently, persistently, and sophisticatedly. Therefore, not only Brazil has seen a significant increase in cyber attacks, but the same scenario has occurred globally, with a 75% increase in the third quarter of this year compared to the same period last year, registering a record of 1,876 cyber attacks per organization, according to Check Point Research’s study.
Computer scientist Michele Nogueira, Ph.D. in Computer Science from the University of Sorbonne in France, explains that this increase is due to criminals using Artificial Intelligence (AI) to automate and sophisticate their attacks, making them more difficult to detect and combat. This includes the creation of adaptive malware, mass-customized phishing, and more complex Distributed Denial-of-Service (DDoS) attacks. “AI allows criminals to exploit system vulnerabilities on an unprecedented scale and speed, demanding a prompt and equally sophisticated response from companies,” she warns.
Increase in e-commerce and the need for data protection
According to the “Brazilian E-Commerce Profile” report by BigDataCorp, the e-commerce sector in Brazil has surpassed the mark of 1.9 million online stores in 2023. As online stores increase, DDoS attacks have become increasingly common, with a 106% increase in volume. These attacks can cost up to R$33,000 per minute for affected companies, highlighting the urgency of an effective response.
The study also pointed out that 73.5% of e-commerce businesses are family-owned, and 86% of them have less than 10 employees. These are small and medium-sized enterprises (SMEs) facing significant challenges in trying to protect themselves against cyber threats, especially those involving AI. However, Michele Nogueira states that there are effective strategies that can be implemented to enhance security and minimize risks. “Awareness is the first line of defense for companies. It is essential to conduct frequent cybersecurity training for all employees, focusing on common threats such as phishing, weak passwords, and safe device usage. In addition, implement phishing attack simulations to test and improve employee readiness,” said the computer scientist.
It is also important to invest in security solutions that utilize AI to detect and respond to threats in real-time, such as antivirus, firewalls, and network monitoring systems. These tools can identify anomalous patterns and alert about potential incidents. Additionally, use tools that monitor user and system behavior to identify suspicious activities before they can cause harm. “It is essential to implement encryption to protect sensitive data, both at rest and in transit. This ensures that even if the data is intercepted, it cannot be used. Also, regularly back up critical data and ensure they are stored securely, preferably outside the primary environment, so they can be quickly recovered in case of a ransomware attack or other violation,” warns Michele Nogueira.
Other protection actions
To protect against cyber attacks, it is necessary to establish continuous network monitoring to quickly identify and respond to suspicious activities. Small businesses can use Managed Security Services (MSSP) for this function if they do not have internal resources. ‘SMEs can benefit from security solutions provided as a service, offering tools and support at an affordable cost without the need for major upfront investments. They can also hire specialized consultancies to conduct security assessments, identify vulnerabilities, and suggest improvements,’ advises the computer scientist.
Responses to Attacks
Companies should create an incident response plan that includes clear steps to identify, contain, and mitigate the effects of a security breach. This plan should be tested regularly through simulations, ensuring that all employees know what to do in case of a security incident, including who to report the problem to and what immediate actions to take.
To help mitigate the costs of recovery after a cyber incident, including reputation damage and business interruptions, companies can also consider purchasing specific cyber insurance.
‘By adopting these practices, small and medium-sized enterprises can significantly increase their resilience against cyber threats, especially those involving the use of AI by attackers. Even with limited resources, it is possible to implement effective defense and minimize the risks associated with these threats,’ concludes Michele Nogueira.
Computer scientist Michele Nogueira
Michele Nogueira works in the areas of computer networks, network security, and data privacy. She has a Ph.D. in Computer Science from Sorbonne Université – France and a Postdoctoral degree from Carnegie Mellon University (CMU), Pittsburgh, USA.
She is a senior member of the Association for Computing Machinery (ACM) and the Institute of Electrical and Electronics Engineers (IEEE) in recognition of her leadership and technical/professional contributions.
She is an associate professor in the Department of Computer Science at the Federal University of Minas Gerais (UFMG) and is a permanent member of the Computer Science Graduate Program.
She is dedicated to research focusing on creating cybersecurity intelligence based on artificial intelligence and data science techniques with applications in various sectors of society.
