Brazil is facing a worrying scenario regarding cyberattacks, with a significant increase in the number of incidents affecting companies across all sectors. To get an idea, according to the latest report from Check Point Research, cyber attacks in the country increased by 95% in the third quarter compared to the previous year, jumping from 743 to 2.766 weekly incidents.
This scenario highlights the vulnerability of Brazilian organizations, that need to adopt more robust security measures to protect their information and ensure the continuity of their business. A survey by the International Business Report (IBR) reveals that more than 80% of medium-sized companies in Brazil are already directing or still plan to direct investments for protection against cyberattacks this year
The accelerated digitization, allied to the sophistication of threats, requires a more proactive stance from companies, that must be prepared to mitigate risks and respond quickly to incidents
For Evandro Alexandre Ribeiro, Head of Information Security at Avivatec, Brazilian company reference in technology solutions for business, Cybersecurity has ceased to be a concern exclusive to large corporations and has become essential for companies of all sizes. The threats are more frequent and sophisticated, with financial impacts and damage to reputation. That's why, it is crucial for companies to invest in security technologies, adopt effective policies and promote continuous training for their teams.”, comment
Thinking about it, Avivatec has identified the three most common cyber attacks and how to adopt effective preventive measures for each of them
- Ransomware
Ransomware is a type of malware – malicious software intentionally created to harm systems or users – that encrypts the files of a system and demands payment to release them. In many cases, the only way to recover the data is through backups or paying the ransom. More recent variants adopt "double extortion", stealing data before encrypting it and threatening to disclose it.
This type of attack has put companies at risk, like in the case of the WannaCry attack, that in 2017 infected more than 200 thousand systems worldwide by exploiting a Windows vulnerability. Essential companies and institutions, like hospitals and universities, were seriously affected, with estimated losses of over USD 4 billion
- Phishing
Phishing is a common cyberattack technique in which attackers do not exploit technical vulnerabilities, but they induce victims to click on suspicious links or open malicious attachments, thus gaining access to confidential systems and data. This method aims to steal credentials, the installation of malware or financial fraud, and, with the increase in the sophistication of false messages, these attacks have become harder to detect.
Between 2013 and 2015, for example, Facebook and Google were deceived in a $100 million scam. The invader posed as the supplier company Quantum, sending false invoices that both companies paid. The scam was discovered later, leading to the criminal's arrest, who was extradited from Lithuania. As a result of legal actions, Facebook and Google managed to recover US$49,7 million of the US$100 million stolen
- DoS and DDoS attack
DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks aim to make a system or network inaccessible, overloading it with fake traffic. In the DoS attack, the attacker uses a single machine to flood the target with requests, while in the DDoS, several infected devices, forming a botnet – a network of hijacked and controlled devices to carry out mass attacks – are used to generate an even larger volume of traffic. Both types of attacks can cause significant disruptions, affecting the availability of online services and harming the operation of companies
To face these threats and strengthen cybersecurity, companies must adopt preventive strategies that go beyond basic protection measures. Below, Avivatec has gathered four practices to help organizations of all sizes better prepare against the most common attacks and ensure the protection of their data and the continuity of their business
- Risk reduction
To reduce vulnerabilities, it is essential to evaluate systems in detail, networks and applications, identifying weak points with audits and security tools. After, the failures must be classified by severity and corrected with updates and security adjustments. Finally, continuous monitoring should be adopted to quickly detect and resolve new threats
- Training for employees
One of the best ways to protect an organization's data is to invest in educating its employees about cyber risks and how their actions can impact the security of digital assets. Companies should adopt a proactive approach to ensure that all employees understand the threats and know how to prevent security breaches from compromising the organization's protection
- Adoption of multi-factor authentication and password management policies
The implementation of multifactor authentication (MFA) and strict password control are essential to strengthen security. Use strong and unique passwords, changing them regularly, and avoid keeping default passwords. MFA adds an extra layer of protection, requesting an additional confirmation, like a code sent by app. It is also essential to never share your passwords to ensure the security of the systems
- Investing in cloud storage
Cloud computing is an efficient and cost-effective solution for businesses, reducing costs with servers and offering greater flexibility. To ensure data security, it is essential to check the provider's reputation, enable two-factor authentication and adopt a strict password policy. Furthermore, using protection tools for data transport and following recommended security best practices are fundamental measures to protect information stored in the cloud
In this context, it is of great importance that companies integrate cybersecurity into their organizational culture, prioritizing data protection and business continuity. With adequate investments and the adoption of good practices, it is possible to minimize risks and remain resilient in the face of the growing threats of the digital environment
