In the midst of the new coronavirus pandemic, companies were forced to migrate to the home office model. Their professionals, who previously worked behind the office's entire security layer, such as firewalls and antivirus, are now working directly from home, with a lower level of security than in the corporate environment. The result: mass cyber attacks. According to Kaspersky, between February and April, attacks targeting tools that allow remote access increased 333%.
“The vulnerability of companies has become even greater due to remote access to systems via the home office. People often work with a computer and still share the use of the device with others in the home. This whole movement becomes a risk for the networks of the organizations”, explains Caio Telles, CEO of BugHunt, the first Brazilian platform for Bug Bounty, a reward program for fault identification. “The growth of remote work allows servers to be configured incorrectly, attracting cybercriminals and facilitating intrusions”, he warns.
This movement was reflected in the platform, which, in six months, has drawn the participation of more than 2,000 security experts and has already identified more than 350 vulnerabilities in Brazilian companies. In order to democratize access to security and promote unity between organizations and security professionals, BugHunt closely monitors the failures and vulnerabilities of systems and solutions by bringing together specialists in search of recognition and institutions committed to information security and the privacy of their customers.
During the pandemic, the vulnerabilities most often found by experts on the platform were flaws that expose user data. “This is alarming, given the new General Data Protection Law (LGPD), which could lead to million-dollar fines for companies that have leaked customer data,” says Telles.
During this period, BugHunt also saw an increase in interest in Bug Bounty programs, both by experts and by companies. “Companies are interested because they were forced to operate online, which brings the need to identify and treat bugs in systems”, explains the executive. “The specialist, on the other hand, saw this moment as a possibility to increase knowledge in the security area, supplement income and use a national reward platform”, he adds.
The specialists registered on the platform identify bugs in systems, applications, websites and physical devices, such as totems and card machines. The company that hired the service evaluates the vulnerability reports sent by the community and, if a report is approved, the researcher receives the reward. A specialist can earn up to R$ 10,000 for discovering each vulnerability.
The focus is on identifying flaws that may represent risks to companies, such as data leakage, which impacts LGPD; invasion; ransomware attacks; or any other risk that causes financial, operational or image damage. On average, it takes companies 196 days to realize that they have been attacked.
According to Telles, in Brazil, the third country that suffers the most attempts at virtual attacks in the world, cybercriminals differ from hackers in other countries because, beyond technical understanding, they have knowledge of business rules and a lot of creativity. “They find not only technical vulnerabilities, but also flaws in companies’ processes”, he points out.
For these reasons, cybersecurity is becoming increasingly necessary. “It is necessary to simplify systems and integrate cybersecurity and tests in the development processes. In addition, it is essential to raise awareness among employees in order to create a safety culture”, he explains. “Now, with more people working from home, it is also essential that companies take steps to protect their remote employees, in addition to their devices and home networks,” he adds.