Number of cyberattacks grows 95% in Brazil: see how to protect your company

Brazil is facing a worrying scenario regarding cyberattacks, with a significant increase in the number of incidents affecting companies across all sectors. To illustrate, according to the latest report from Check Point Research, cyberattacks in the country grew 951% in the third quarter compared to the previous year, jumping from 743 to 2,766 weekly incidents. 

This scenario highlights the vulnerability of Brazilian organizations, which need to adopt more robust security measures to protect their information and ensure business continuity. A survey by the International Business Report (IBR) reveals that more than 80% of medium-sized companies in Brazil are already allocating or planning to allocate investments in protection against cyberattacks this year.

Accelerated digitalization, coupled with increasingly sophisticated threats, demands a more proactive stance from companies, which must be prepared to mitigate risks and respond rapidly to incidents.

For Evandro Alexandre Ribeiro, Head of Information Security at Avivatec, a leading Brazilian technology solutions company, “cybersecurity has ceased to be a concern exclusive to large corporations and has become fundamental for companies of all sizes. Threats are more frequent and sophisticated, with financial impacts and reputational damage. Therefore, it is crucial that companies invest in security technologies, adopt effective policies, and promote continuous training for their teams,” he comments.

With that in mind, Avivatec has separated the three most common cyberattacks and how to adopt effective preventive measures for each of them:

• Ransomware

Ransomware is a type of malware—malicious software intentionally designed to harm systems or users—that encrypts a system's files and demands payment for their release. In many cases, the only way to recover the data is through backups or by paying the ransom. More recent variants employ "double extortion," stealing data before encrypting it and threatening to publicly release it. 

This type of attack has put companies at risk, as in the case of the WannaCry attack, which in 2017 infected more than 200,000 systems worldwide by exploiting a Windows vulnerability. Essential businesses and institutions, such as hospitals and universities, were seriously affected, with estimated losses exceeding USD 4 billion.

• Phishing

Phishing is a common cyberattack technique where attackers don't exploit technical flaws, but instead trick victims into clicking on suspicious links or opening malicious attachments, thus gaining access to systems and sensitive data. The goals of this method include credential theft, malware installation, or financial fraud. With the increasing sophistication of these fake messages, these attacks have become harder to detect. 

Between 2013 and 2015, for example, Facebook and Google were defrauded in a $100 million scam. The perpetrator impersonated the supplier Quantum, sending false invoices that both companies paid. The scam was later discovered, leading to the criminal's arrest and extradition from Lithuania. As a result of legal action, Facebook and Google managed to recover $49.7 million of the stolen $100 million.

• DoS and DDoS attacks

DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks aim to make a system or network inaccessible by overwhelming it with false traffic. In a DoS attack, the attacker uses a single machine to flood the target with requests, whereas in a DDoS attack, numerous infected devices, forming a botnet—a network of hijacked and controlled devices used to launch mass attacks—are used to generate an even larger volume of traffic. Both types of attack can cause significant disruptions, affecting the availability of online services and harming business operations.

To counter these threats and strengthen cybersecurity, companies must adopt preventive strategies that go beyond basic protection measures. Below, Avivatec has gathered four practices to help organizations of all sizes better prepare against the most common attacks and ensure the protection of their data and the continuity of their business:

• Risk reduction

To reduce vulnerabilities, it's essential to thoroughly assess systems, networks, and applications, identifying weaknesses through audits and security tools. Then, flaws should be classified by severity and corrected with security updates and adjustments. Finally, continuous monitoring should be implemented to quickly detect and resolve new threats.

• Employee Training

One of the best ways to protect an organization's data is to invest in educating its employees about cybersecurity risks and how their actions can impact the security of digital assets. Companies should adopt a proactive approach to ensure that all employees understand the threats and know how to prevent security failures from compromising the organization's protection.

• Adoption of multi-factor authentication and password management policies

Implementing multi-factor authentication (MFA) and strict password control are essential for strengthening security. Use strong and unique passwords, changing them regularly, and avoid using standard passwords. MFA adds an extra layer of protection by requesting additional confirmation, such as a code sent via an app. It's also crucial to never share your passwords to ensure system security.

• Cloud storage investment

Cloud computing is an efficient and cost-effective solution for businesses, reducing server costs and offering greater flexibility. To ensure data security, it's essential to verify the provider's reputation, enable two-factor authentication, and adopt a rigorous password policy. Furthermore, using data protection tools during transit and following recommended security best practices are fundamental measures to protect information stored in the cloud.

In this context, it is of paramount importance that companies integrate cybersecurity into their organizational culture, prioritizing data protection and business continuity. With adequate investment and the adoption of best practices, it is possible to minimize risks and maintain resilience in the face of growing threats in the digital environment.