The report Global Threat Landscape, recently released by Fortinet, a global leader in cybersecurity, and prepared by FortiGuard Labs, revealed that 2.4 billion vulnerability exploitation attempts occurred in Brazil during the first half of the year alone. Combined with the numerous data breaches that occurred at major brands between January and June due to a lack of third-party protection, this explosive volume raises concerns in the corporate environment regarding the effectiveness of the security offered by their IT business partners, particularly regarding the use of EDR (Endpoint Detection and Response)..
For Rodrigo Gazola, CEO and founder of Addee, a company that has been providing management, monitoring, data protection, and security solutions for IT service providers for 11 years, the study proves once again that, with the pace of digital transformation worldwide, companies that provide services to other companies and have access to their data and that of their customers need to take even greater care and invest increasingly in training their teams, as well as in updating equipment and, most importantly, in having layers of security beyond EDRs on all equipment.
One of the cases that highlighted the risk of exploiting vulnerabilities offered by third parties in the first half of the year was that of the German company Adidas, which reported a data breach through an environment accessed by a service provider. Although the company reassured its customers that more traumatic data such as credit card numbers and passwords for accessing accounts in the chain’s stores were not exposed, it confirmed that other information such as names, email addresses, phone numbers, dates of birth, and gender were indeed compromised.
Gazola explains that EDRs are security solutions considered the natural evolution of antiviruses and they gained prominence because antiviruses today are no longer capable of preventing certain actions that are exploited by hackers..
According to him, to reduce opportunities and consequently the appetite of fraudsters demonstrated by the Global Threat Landscape study, it is necessary to implement EDR with robust PACTH update systems and vulnerability analysis, but always with a backup solution.
“More than creating the impression of security, it’s essential to demonstrate in practice that the organization is prepared. Fraudsters only back down when they realize there’s no vulnerability to exploit. This requires discipline in applying the industry’s most advanced technologies and maturity in risk management. In cybersecurity, there’s no room for promises or good intentions: only consistent execution generates real protection and market trust,” he concludes..
