Number of cyberattacks grows 95% in Brazil: see how to protect your company

Brazil is experiencing a worrying scenario in relation to cyberattacks, with a significant increase in the number of incidents affecting companies in all sectors.To get an idea, according to the latest Check Point Research report, cyber attacks in the country grew 95% in the third quarter compared to the previous year, jumping from 743 to 2,766 weekly incidents. 

This scenario highlights the vulnerability of Brazilian organizations, which need to adopt more robust security measures to protect their information and ensure the continuity of their business.A survey of the International Business Report (IBR) reveals that more than 80% of medium-sized companies in Brazil are already directing or still plan to direct investments to protect against cyberattacks later this year.

Accelerated digitalization, coupled with threat sophistication, requires a more proactive approach from companies, which must be prepared to mitigate risks and respond quickly to incidents.

For Evandro Alexandre Ribeiro, Head of Information Security at Avivatec, a Brazilian reference in technology solutions for business, “a cybersecurity is no longer an exclusive concern of large corporations and has become fundamental for companies of all sizes. Threats are more frequent and sophisticated, with financial impacts and reputational damage. Therefore, it is crucial that companies invest in security technologies, adopt effective policies and promote the continuous training of their teams.

With that in mind, Avivatec has separated the three most common cyber attacks and how to adopt effective preventive measures for each of them:

• Ransomware

Ransomware is a type of malware - malicious software intentionally created to harm systems or users - that encrypts a system's files and demands a payment to release them. In many cases, the only way to recover the data is through backups or paying the ransom.Learnest variants adopt the “double” extortion, stealing data before encrypting it and threatening to disclose it. 

This type of attack has put companies at risk, as in the case of the WannaCry attack, which in 2017 infected more than 200 thousand systems in the world by exploiting a Windows vulnerability. Essential companies and institutions, such as hospitals and universities, were seriously affected, with losses estimated at more than USD 4 billion.

• Phishing

Phishing is a common cyberattack technique in which attackers do not exploit technical flaws but trick victims into clicking suspicious links or opening malicious attachments, thereby gaining access to sensitive systems and data.This method is aimed at credential theft, the installation of malware or financial fraud, and with the increased sophistication of fake messages, these attacks have become more difficult to detect. 

Between 2013 and 2015, for example, Facebook and Google were duped in a scam of US$100 million. The attacker impersonated the supplier company Quantum, sending fake invoices that both companies paid. The scam was later discovered, leading to the arrest of the criminal, who was extradited from Lithuania. As a result of the legal actions, Facebook and Google were able to recover US$49.7 million from the stolen US$100 million.

• DoS and DDoS attacks

DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks aim to make a system or network inaccessible by overloading it with fake traffic. In the DoS attack, the attacker uses a single machine to flood the target with requests, while in DDoS, several infected devices, forming a botnet a network of hijacked and controlled devices to carry out mass attacks are used to generate an even greater volume of traffic. Both types of attack can cause significant interruptions, affecting the availability of online services and harming the operation of companies.

To address these threats and strengthen cybersecurity, companies must adopt preventive strategies that go beyond basic protection measures. Below, Avivatec has put together four practices to help organizations of all sizes better prepare against the most common attacks and ensure the protection of their data and the continuity of their business:

• Risk reduction

To reduce vulnerabilities, it is essential to thoroughly evaluate systems, networks and applications, identifying weaknesses with audits and security tools. Then, failures must be classified by severity and corrected with security updates and adjustments.

• Training for employees

One of the best ways to protect an organization's data is to invest in educating employees about cyber risks and how their attitudes can impact the security of digital assets. Companies should take a proactive approach to ensuring that all employees understand threats and know how to prevent security breaches from compromising the protection of the organization.

• Adoption of multi-factor authentication and password management policies

Implementing multi-factor authentication (MFA) and tight password control are essential to strengthen security.Use strong, unique passwords, changing them regularly, and avoid keeping default passwords.MFA adds an extra layer of protection by requesting additional confirmation, such as an application-sent code.It is also critical to never share your passwords to ensure the security of systems.

• Cloud storage investment

Cloud computing is an efficient and cost-effective solution for companies, reducing server costs and offering greater flexibility.To ensure data security, it is essential to verify the reputation of the provider, enable two-factor authentication and adopt a strict password policy.In addition, using protection tools for data transport and following best security best practices are fundamental measures to protect information stored in the cloud.

In this context, it is of great importance that companies integrate cybersecurity into their organizational culture, prioritizing data protection and business continuity.With adequate investments and the adoption of good practices, it is possible to minimize risks and remain resilient in the face of growing threats from the digital environment.