*Per Denis Riviello
Increased number of cyber threats, different security measures for specific cases of each company and criminals with increasingly sophisticated and unpredictable attacks are factors that contribute to the feeling of uncertainty within organizations.
According to the Global Digital Trust Insights Survey, there is a demand for 80% in search of cybersecurity and, out of 10 companies in Brazil, 8 say they will invest in the sector. However, how to know if the investment being made is enough or what is the right moment to start developing this area within the company?
The first factor that decision makers need to keep in mind is that the ideal time to invest in cybersecurity is now. Neglecting this need may be too late due to the constant evolution of attacks.
As the annual report by Trend Micro, a cybersecurity company, concluded, 2022 recorded 146 billion scam attempts worldwide, a record compared to 2021. Ignorance of organizational risks, lack of security awareness for employees, increase in number of incidents and lack of operational and executive visibility are clear signs that the current investment is not meeting the company's needs.
In addition, attacks usually give indications and, in addition to also serving as a sign that security needs to be strengthened, being aware of them can prevent crime from happening. The identification of anomalous events and different behavior in applications can be a warning that something is not right. Even by blocking users and accesses, there may be indications that credentials have been compromised, and the sudden increase in traffic on the network or on the internet link and slowness in servers and endpoints are also indicators.
Another issue that, despite making the situation more complex, must be taken into account is the fact that each company is unique, therefore, it is necessary to assess the situation and measure the risks that must be accepted, mitigated or transferred, to understand whether it is really necessary or not to invest more in the cybersecurity sector. Something that solves this issue is having qualified labor on the team, who understands the company's particularities and can determine the specific situation at each stage.
In any case, verifying that the expected benefit is being achieved with the solution, generating evidence that the measure has brought about some noticeable result and reassessing the risks to find out if they are within the plan are ways to manage this much needed investment.
So being prepared is key. Companies are under constant attack, of all kinds, and investment in security is mandatory for the survival of any niche business that contains technology.
* Denis Riviello is Director of Information Security at Compugraf, provider of information security, data privacy and governance solutions for the main Brazilian companies.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
