Since the beginning of the year, Brazilians are faced with frequent news about cyber attacks. In January, PSafe reported that a bank with data on 223 million Brazilians was leaked and detailed information such as name, CPF, e-mail and date of birth were exposed on the internet. In November, the systems of the Supreme Court of Justice (STJ) and the Ministry of Health were down due to a hacker attack.
The leaks are nothing new, since Brazil is the third country that receives the most cyber attacks on devices connected to the internet, according to Symantec. Of all the threats detected by the company, 9.8% occurred in the country. China ranks first (with 24%), followed by the United States (10.1%). But after all, why can’t companies and the government solve the problem that has become more and more recurrent in Brazil?
According to cybersecurity expert Marcelo de Souza da Silva, data management in the country faces a series of problems, ranging from the authorities’ lack of knowledge to the population’s lack of awareness about the subject.
Protection processes and policies, in most cases, are just a protocol, and are not enforced in practice
For the specialist, the great difficulty in the country is the lack of standardization of the IT environment. “Each institution has its own information security team. Protection processes and policies, in most cases, are just a protocol, and are not enforced in practice,” he says. In addition, keeping the institution’s systems up to date and well trained staff is a major challenge. “The acquisition of technologies that can stop these attacks is expensive and has a complex implementation, which makes preventing attacks even more difficult.”
He says that the invasions of government agencies are seasonal, increasing the forecasting capacity and, consequently, protecting the systems. However, the absence of a more specialized team makes the process difficult. The expert also points out that the LGPD, a law that establishes rules on the collection, sharing and storage of personal data, is still in its infancy in Brazil.
According to Marcelo, hackers have two favorite targets: the end user, who may have their bank details stolen, and large institutions that have giant databases, which can serve as a bargaining chip for attackers. That’s because, in the right hands, data can be extremely valuable.
Who profits are the big companies that depend on it to offer their products
“Who profits are the big companies that depend on it to offer their products”, he tells TecMundo. “Imagine a department store that needs a large database containing the population’s name, phone number and credit score. They are certainly willing to pay for this information,” he says. For him, this factor opens up a range of opportunities for hackers to attack institutions in order to pass on the stolen information.
How to protect yourself
To protect yourself, the most effective measure is to invest in a strong and well-structured security policy. “One point that should never be overlooked is the updating of all software used by the user and the company. This is because, whenever a breach is found in a version, the supplier works to correct the problem, precisely so that situations do not occur. like the leaks “, Marcelo says.
For him, the main security practices that must be adopted in the corporate environment are: development of rules for the creation of passwords, periodic updating of software, adoption of antivirus and the definition of backup schedules.