*By Alexandre Nakano
Don't trust anything inside or outside your network or perimeter. What looked like alarmist advice a few years ago is now the concept of a security model that more and more organizations need to implement. The idea is simple, but the challenge and risks are great. Attacks, hijackings and data leaks are just a few problems that interrupt services, reduce profits, affect credibility and impact business competitiveness. Data is part of the business and protecting it is vital, even more so in times of hybrid work, with employees' homes being part of the office and, consecutively, opening space for new cybersecurity risks. In this new way of working, the CIO needs to ensure local and remote productivity, as well as his own security.
It is also worth mentioning the General Data Protection Law, which in the event of an eventual leak can lead to high fines, promote the flight of customers and compromise the institutional image, which in some cases can be worse than the fine itself. Identity is another extremely important factor, as we have seen many cases of internal fraud. Therefore, new tools are needed that, through AI, can monitor an unusual behavior of a valid access or even an abnormal data movement for this access. A big trend is to go beyond validating access, and ensuring it is blocked if there is abnormal behavior.
Another front that has been gaining more and more prominence is cybersecurity management. Many companies have already adopted the hybrid concept, in which part of the company's applications and data storage are in the cloud and, in many cases, use more than one cloud solution provider, adhering to the so-called multicloud. In this scenario, which tends to expand and become increasingly complex, managing cybersecurity in the cloud has become essential.
Solutions that analyze vulnerabilities and take preventive actions are also gaining prominence. Investing in these systems is a strong market trend. We have also seen an increase in demand for automated solutions, controlled by Artificial Intelligence (AI), capable of testing systems and anticipating an attack.
In addition to ensuring security with various solutions that protect against “malware”, organizations also need to adopt a robust and tested backup system, have a clear contingency plan in case of information loss or kidnapping, and keep systems operational and updated software. Many updates ensure the maintenance of system vulnerabilities and ideally they occur in an automated way.
Third-party service providers, which can be the gateway to an attack, still deserve special attention. With the digitization and integration of systems between companies, this has become a point of vulnerability. Regardless of size or field of activity, nowadays it is mandatory to have a clear and widespread information security policy. Everyone needs to know the importance of this issue and the damage that the company they work for can suffer in the event of data leakage or kidnapping.
Knowing this, traditional security solutions need to be complemented with new cybersecurity actions in the face of new threats. It is necessary to expand the “radius” of action in the security area and open up to a more up-to-date vision. With the “new normal of hybrid work”, we have seen new threats as well as the exponential increase in the use of cloud applications. We've also seen an increase in business interest in solutions for securing applications in the cloud, scanning for vulnerabilities, managing open source software, security testing, and anti-fraud solutions. Good sign! After all, trusting nothing and no one is not alarmist. When, 66% of companies around the world suffered a cyberattack in the last 12 months and it is known that Brazil is the most targeted country in Latin America, with 31.5 billion attack attempts, from January to June of this year, there is little care and every investment is useful.
*Alexandre Nakanois Director of Security and Networking at Ingram Micro Brasil.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
