*by Lucas Pereira
With digital technology increasingly present in our daily lives, hearing about cyber fraud, data leakage and malware has become quite common in recent years. But the converse is also true: it has never been more important to talk about cybersecurity initiatives, especially for businesses. It is necessary to protect networks and operations against all types of risk. And this raises a question: how can the industry identify what is and what is not dangerous? How does the work of discovering new viruses and Internet scams get done?
Known as “Zero Day”, this work to identify and capture a new malicious agent is a fundamental part of the evolution of companies' and users' digital security defenses. After all, it is this action that allows the actual updating of virtual protection systems, defining what is or is not safe to be accessed within a network.
The point to consider, however, is that finding new malware is always a complex and urgent task. We must always keep in mind that cybercrime is a market in continuous sophistication, with new ways of trying to circumvent systems emerging daily and with many people being attacked simultaneously.
For example, according to research carried out by the Swiss bank Julius Baer, it is estimated that cyberattacks could have cost the global economy around US$ 6 trillion in 2021, with around 90,000 attempted attacks being carried out every second around the world. This reinforces the idea that we are talking about a scenario that is putting organizations, governments and people everywhere at risk, and the risks range from the most common phishing baits, via e-mail and WhatsApp, to the direct contamination of networks through the invasion of gadgets such as modems, virtual assistants and environment automation devices, among others.
To be able to investigate and find these malicious actors for the first time therefore requires intelligence. And that's what digital analysis labs deliver to the cybersecurity strategy of these new times. Through a lot of research, cross-referencing, and a sense of curiosity, robots and cybersecurity experts spend entire days analyzing, testing, and validating potential attack sources.
Among other tactics, what these research labs do to identify a Zero Day is to create environments that are purposefully open and prepared for digital infection: honeypots. These environments receive the attacks and collect information, IP addresses, domains and artifacts (files) that are submitted to the Sandbox. Sandboxes are test and analysis boxes, where professionals can work not only to identify a new contaminant, but also to check for possible holes and vulnerabilities that can be adjusted in applications, or even to catch variants of other previously known threats.
The work of these labs is very important, especially if we remember that the recording of incidents is often a topic neglected by companies, something that tends to change in Brazil as the LGPD consolidates the principles of transparency and ethics in this process. Yes, it is a fact that nobody wants to expose a sensitive topic like security. But the cataloging of incidents is a key ally to understand trends, possible paths of cybercrime development and, above all, to quickly prevent other organizations (and people) from being victims of a contamination format that could be avoided.
Having a wide and diversified library, with real records of what happens in the day-to-day of companies, is a way to speed up analyses and decisions. In times marked by rapid change, it is also essential that companies and consumers understand that every tip is valid to anticipate the steps of criminals, understanding the trends and weapons used by cyber attackers.
With digital relationships gaining importance and volume within companies, anticipating any threat has become a critical point for the survival of entire businesses of all types and sizes.
It is this context, challenging by nature, that makes the adoption of solutions powered by these laboratories a highly relevant factor. By relying on a comprehensive proposal, capable of analyzing data and finding threats from Zero Day, companies can certainly mitigate risks, not just against known old malware.
Today, for example, few segments and companies can really count on Zero Trust, a type of approach that preaches case-by-case analysis of requests for connection to networks. Although this format seems interesting, with blocks for everything and everyone as a form of protection, the reality is that the challenges related to the amount of manpower in the teams and the daily pressure on the IT and Information Security departments certainly call into question the practical feasibility of this “zero-trust” model.
The best way to mitigate threats may vary depending on the requirements of a particular market or vertical. The only condition, we can say, is that companies move towards evolution in the level of protection of information within the users' perimeter, in their homes and local connections, adopting solutions that are truly suited to their characteristics.
Relying on new-generation VPNs and firewalls, in addition to specialized support for decision-making, are examples of measures to anticipate threats and make strategy and cybersecurity more prepared for the dynamics of this rapidly changing world. That way, organizations will have concrete ways to confirm that their network environment is secure. The focus should be on expanding the management capacity of various devices, on the search for more agility and on the intelligent reinforcement of security actions inside and outside the perimeter of the networks. On day zero, one or a thousand, evolution needs to be constant.
*Lucas Pereira, Head of Products at Blockbit
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies