The 2020 Challenges for Information Security

By January 24, 2020 No Comments

*Paulo Silva

The Information Security scenario is constantly changing. A global study of IBM - International Business Machines Corporation - about privacy made in 11 countries, including Brazil, has about 11 thousand people and it appears that people are dissatisfied with the way that many companies deal with their information. The fact is: 96% of consumers surveyed in Brazil agree that organizations should do more to protect them.

Another study done with the participation of almost 5,000 IT security professionals in 15 countries, including Brazil, reveals that, in our tropical country, more than half of the companies do not offer cybersecurity education to employees - which can serve of fuel to claim that 2019 was a year with a high rate of hacker attacks.

“Companies that collect, store, manage or process data have an obligation to treat it responsibly and the General Data Protection Act will ensure that. For this reason, it is important that organizations start to prepare as soon as possible and focus their efforts on security and privacy ”, says João Rocha, cybersecurity leader at IBM Brazil.

Also according to the survey, 6 out of 10 Brazilians reported that they suffered from data leakage or know someone who has been through similar situations. In Brazil, 5 out of 10 consumers are aware that their information is always, or in most cases, shared. A total of 81% of Brazilians claimed to have lost control of how their personal information is used by companies.

About the cybercrime that tend to gain strength in the coming months, as it has grown over the years, one of the potent ones is the cloning of cell phone chips. In such cases, in addition to the loss of money, there is exposure to financial scams and theft of personal data.

According to security companies, the newest target for cybercrime is theft of logins from security services. streaming films and music. With this practice, the criminal has access to valuable information that is sold to people around the world, and especially in deepweb - layer of the internet that cannot be accessed through search engines, therefore, susceptible to crimes of all types.

Those who still use the soperational system Windows 7 they should also pay extra attention, because Microsoft intends to end technical support for the system as of January 14, 2020. And when software stops having due updates, criminals tend to exploit loopholes and security holes that will never be effectively corrected.

Companies in the most diverse sectors must also be vigilant to identify and prevent criminals from taking action in the next year, institutions that concentrate large amounts of data, such as digital banks, could be targets of extortion - when criminals demand payment in cash or in cash. bitcoin not to disclose sensitive information.

Another vulnerability that could be exploited in 2020 are loopholes in supply chains. It explores software distributed to several companies, such as cell phone applications, to have a wide reach among users. Which brings us to another concern, which is the spread of fake news through the internet, which has been growing wildly in recent years. And it is not expected to decrease in the coming years.

Although not a scam, this practice also serves to deceive internet users and deserves full attention.

IBM also recently announced the results of a global study that explores organizations' readiness for and resistance to and fighting cyber attacks. The study, administered by the Ponemon Institute and commissioned by IBM Security, he found that the vast majority of organizations surveyed still suffer from unpreparedness and a lack of means to respond to cybersecurity incidents. In view of 77% of respondents indicating that they do not have a cyber security accident response plan applied consistently across the company in question.

While studies show that companies that respond quickly and efficiently to contain a cyber attack in 30 days save more than US$ 1 million in the total cost of a data breach, deficits in proper security incident response planning have remained recurrent for the past four years of study.

Considering the surveyed organizations that have a plan in place, more than half do not test regularly, which leaves them less prepared to successfully manage the complex processes and coordination that must occur after a cyber attack.

 “Not having a plan in place is very risky when responding to a cybersecurity incident. These plans need to be tested regularly and with the full support of the board of directors to invest in the people, processes and technologies necessary to support this program ”, says João Rocha, security leader at IBM Brasil.

The adversities experienced by security teams in implementing an incident response plan also affected companies' compliance with the GDPR, General Data Protection Regulation. According to the survey, almost half of the respondents say that their organizations have not yet fully complied with the GDPR - even though approximately one year has passed since the legislation was passed.

João Rocha still reiterates “When the proper planning is combined with investments in automation, we see that companies are able to save millions of dollars during a security breach.”

* Paulo Silva is a consultant at Safeway

Regarding the [SAFEWAY]

SAFEWAY is an Information Security company, recognized by its customers for offering high value added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.

Today through more than 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!