The Global Threat Landscape report, recently released by Fortinet, one of the global leaders in cybersecurity and developed by FortiGuard Labs, revealed that there were 2.4 billion attempts to exploit vulnerabilities in Brazil during the first semester alone. Coupled with several data leakage incidents in major brands between January and June due to lack of protection offered by third parties, the explosive volume raises concerns in the corporate environment regarding the effectiveness of security provided by their business partners in the IT area, especially concerning the use of EDR (Endpoint Detection and Response).
According to Rodrigo Gazola, CEO and founder of Addee, a company operating for 11 years in providing management, monitoring, data protection, and security solutions for IT service providers, the study once again proves that, given the pace of digital transformation worldwide, companies providing services to other businesses, and having access to their data and their customers’ data, need to significantly increase precautions and invest more in training their teams, as well as updating equipment, and most importantly, having security layers beyond EDRs on all devices.
One of the cases that accentuated the risk of exploiting vulnerabilities offered by third parties in the first semester was that of the German company Adidas, which reported a data breach through the environment accessed by a service provider. Although the company reassured its customers by stating that more traumatic data such as credit card numbers and account passwords in the network stores were not exposed, it confirmed that other information such as names, email addresses, phone numbers, dates of birth, and gender were indeed compromised.
Gazola explains that EDRs are security solutions considered as the natural evolution of antiviruses, and they have gained prominence because antiviruses today are no longer capable of preventing certain actions exploited by hackers.
According to him, to reduce opportunities and consequently the fraudsters’ appetite shown by the Global Threat Landscape study, it is necessary to implement EDR with robust PATCH update systems and vulnerability analysis, but all this always with a Backup solution.
“More than creating a sense of security, it is essential to demonstrate in practice that the organization is prepared. Scammers only retreat when they realize there is no vulnerability to exploit. This requires discipline in the application of the most advanced industry technologies and risk management maturity. In cybersecurity, there is no room for promises or good intentions: only consistent execution generates real protection and market confidence,” he concludes.
