The dangers of cybercrime have existed for many years, but the increase in the percentage of the internet-connected population and the time spent online have provided more opportunities for hackers and criminals to take advantage of the situation to try to make more money from fraud.
Common cybercrime techniques, such as phishing and ransomware attacks, have been experiencing recent spikes. Cybercriminals are also taking advantage of the anxieties and fears triggered by the Covid-19 pandemic, using malware and other types of fraud - from fake websites to malicious ads and emails.
It is also clear that companies - not just individuals - will be affected by this cybercrime pandemic. According to "The Global Risks Report 2020", published by the World Economic Forum, the cost of cybercrime for businesses by 2021 is estimated at $6 trillion. Such attacks can affect entire cities, such as a recent case of ransomware in Johannesburg, South Africa.
Given this reality, an area that has been much glimpsed is cybersecurity, with the issue of privacy and the protection of personal data.
The use of data by companies has grown exponentially and digital information has offered enormous potential to organizations. But just as new technologies benefit businesses, they also create vulnerabilities, such as data breaches, personal information leakage, or cyberattacks.
Therefore, data protection has left the status of "important" to be now considered "priority" for business. Companies that offer security and show respect and care for the data of individuals will be able to differentiate themselves in the market.
Privacy is becoming a reason for consumers to buy a product. The "new consumer" is increasingly demanding. According to a recent IBM study, 96% of Brazilian consumers agree that organizations should do more to protect their data.
No, no, no, no, no, no, no, no, no, no, In recent years, scandals of leaks of personal information have become frequent and in Brazil it has been no different. The country is number one in financial attacks in the world. A study by karspersky company pointed out that phishings and financial trojans are the most responsible for these occurrences in our territory.
As a result, new regulations and standards have entered into force. And company managers need to be aware of these new requirements brought by both Brazilian and international legislation. This is the case of the General Law for the Protection of Personal Data (LGDP) in Brazil and the General Data Protection Regulation (GDPR). With LGDP, companies will have to undergo a series of adaptations regarding the collection, storage and processing of individuals' data. It will be the obligation of organizations to clarify the purpose of the use of the data and to collect only the information that has the consent of the holder. Those who violate such obligations will be subject to fines and penalties, which can reach 2% of the company's revenues.
However, the LGPD can lead to a dangerous path, causing other types of crime to emerge. It is possible for an attacker to enter a company's system, take the data, and contact the company itself to ask for ransom, such as a cyber hijacking, for example. Violations such as these can also lead to lawsuits and damage to the reputation and credibility of companies, affecting the value of brands, sales and results. Added to this is the fact that, in Brazil, there is a worrying deficit of professionals specialized in the area of information and data security.
Only 2% of Brazilian companies believe they have an effective security system. In addition, 43% of them do not have a structured intelligence program against virtual threats and 45% report that they would hardly be able to predict data theft attempts.
This only reinforces the urgency of Brazilian institutions to prioritize the theme in their strategies in the coming years. Many companies have already been moving, but they know that there is a long way to go. A first step could be to develop mechanisms that detect risks and delay the action of hackers.
Using a double authentication factor and prioritizing stronger passwords are typically good options for strengthening the defense system.
Given this scenario, cybersecurity can no longer be seen only as a problem to be solved. And the challenges are many. Companies should invest not only in technology - safer hardware and software - but mainly in better processes and the human factor. Empowering, training and mentoring employees - or even hiring specialized teams - should be a priority.
When employees are not aware of the importance of digital security, they end up being primary responsible for cyber risks. Therefore, there is no point in having the most advanced data protection system if the organizational culture is not well structured and prepared.
- The key role of leadership
Managers need to understand that the security culture goes far beyond technology and that it is paramount to have cybersecurity in the company's DNA. This DNA needs to be inserted in the daily lives of all employees and in the internal processes of companies.
The challenge of cyber threats will be from all sectors and countries. Therefore, organizations should increase the engagement of senior management and boards in overseen the management of cyber risks and data privacy. It may even be interesting to invest in independent areas of cybersecurity.
The recommendation, however, is that cybersecurity be treated as a key competency within the organization - more of a philosophy or mindset than a specific process or department.
Companies that absorb this key competency in their DNA will certainly be better positioned in the market and will open up advantage over competitors.
terra - 08/09/2020
News Item translated automatically
Click HERE to see original
