Themes were among the main agendas of the 'IDC Cybersecurity Roadshow Brazil' event, held by the consultancy alongside clients and large companies in the IT market
Digital transformation has been changing business models with several benefits for companies, such as increased efficiency and productivity, improved customer relationships, simplified processes, reduced costs and greater management control. However, in an increasingly digital and connected world, the risks of cyber attacks also increase, with the possibility of leaking registration data, stealing passwords and banking details, and compromising digital infrastructures. To discuss the importance of cybersecurity, as well as Brazil's performance in this area, IDC Brasil – a leader in market intelligence, consulting services and conferences in the IT and Telecom industries – brought together clients and large companies at the event IDC Cybersecurity Roadshow Brazil, in which he also presented research and analysis related to the topic.
Investments in IT and cybersecurity
“The IDC Cyber Security Research Latin America 2023 survey shows that 39% of IT executives in Latin America guarantee that they will invest in IT security this year. Such investment is at the top of the trends on the digital agenda of these professionals, followed by Artificial Intelligence (33%), Public Cloud (29%) and Customer Management and Experience (18%)”, explains Pietro Delai, director of Enterprise Research and Consulting at IDC Latin America. “At a global level, the IDC IT Investment Trends 2023 study shows that 92% of CIOs around the world say they will maintain or increase spending on Information Technology in 2023”, completes Delai.
Still in the field of investments, according to another study by the consultancy, the IDC Worldwide Black Book 2023, Brazil occupies the ninth position among the countries with the most applications/spending on IT and Telecom, representing 1.7% of the entire planet. Looking only at IT, the country leads the ranking in Latin America, with 38% of the region's spending.
Specifically regarding cybersecurity, 37.5% of Brazilian companies consider investments in the area as the main IT initiative for the year. “By the end of 2023, Brazilian companies’ spending on security will represent 3.5% of investments made in IT, an increase of 12% compared to the previous year”, says the IDC Brasil executive.
Risks of cyber attacks increase in Brazil
“Despite its good position in the rankings and the increase in investments in IT and Telecom, Brazil took a while to see the need to invest in cybersecurity, falling behind many other countries and becoming a frequent target of attacks of this type”, warns Delai. “At this moment, investment made in the country is still below the global average and Brazil suffers from a lack of qualified professionals for the sector.”
According to CVE (Common Vulnerabilities and Exposures), a MITER database that records vulnerabilities and exposures related to information security, more than 25,200 vulnerabilities were detected or recognized by technology manufacturers throughout 2022, in addition to more than 5,400 in the first six months of 2023. “Other relevant public data was released by the FBI. According to the FBI Internet Crime 2022 report, last year, the US intelligence department registered more than 479 thousand reports of digital security incidents in the United States, the country that leads this ranking. Brazil appeared in tenth position with 1,181 cybercrimes registered by the department”, says Delai. “This reinforces that, even well below the most cyber-attacked countries, the risk in Brazil is growing. In 2021 and 2020, the numbers were 1,053 and 951, respectively.”
Main cyber incidents recorded in Brazil
The study IDC Brasil Cyber Security Research 2023 mapped the proportion of incidents identified in Brazilian organizations and showed that the most common cyberattacks are carried out by: Ransonware, which is data kidnapping carried out through encryption in software and which uses the victim's personal files as 'hostages' to receive payment for the restoration of the access by the user; Phishing, which is a social engineering technique used to trick users on the internet and obtain confidential information, and Malware, which is unsafe and unwanted software that can steal personal information or damage devices.
Measures taken by Brazilian companies
In the study IDC Worldwide Security Spending Guide – Latin America 2022, IDC listed 39 digital security measures and asked companies in Latin America which ones are most used by them to avoid cyber attacks. In Brazil, the TOP 5 measures are made up of: Messaging Security Software (used by 33.1% of respondents), Tier 2 SOC Analytics and Cloud Native XDR (28.7%), Server Security (28.6%), Modern Endpoint Security (24.7%) and Authentication (23%).
The study further showed that by 2026, 30% of organizations with more than a thousand employees will migrate to autonomous security operations centers with distributed teams for faster risk management, remediation and response. “This transition must happen because the security area has to defend the company's ecosystem at all times, and this is something very intense, given that it depends on resources and people 24 hours a day, seven days a week. The more software is produced, the more risks are generated and, consequently, more investments must be made in automating these security processes”, explains Delai.
Brazil is behind in Cybersecurity
IDC found that there are 31 thousand Brazilian professionals on LinkedIn who declare themselves as cybersecurity experts, which makes Brazil the leader in Latin America, with 38.7% of professionals in the segment in the region. “Despite being a nice number in terms of maturity, Brazil still has a very reactive culture. Always wait for something serious to happen and then take the necessary measures, unlike other countries that took the lead when the issue of cybersecurity began to be discussed”, says Delai.
According to the IDC analyst, several elements, such as cultural relativity, prevented Brazil from leveraging itself into leadership positions in the sector. “The LGPD (General Data Privacy Law) only arrived in the country in 2020, while Mexico already had its protection laws since 2010 and Europe since 2016. Furthermore, only five Brazilian CSIRTs (Computer Security Incident Respond Team) are registered at FIRST.org (Forum of Incident Respond and Security Teams), while Mexico and Europe have, respectively, 17 and 175 security teams in the global body”, exemplifies Delai.
Another example brought by Delai and which reinforces the analysis is that Brazil signed the Budapest Agreement, which aims to facilitate and strengthen available means to prevent and combat cybercrimes, only in July 2023, after receiving the first fine related to the LGPD. The European community, for example, joined in 2021.
Conclusions and recommendations
Luciano Ramos, Country Manager at IDC Brazil, explains that security and privacy risks increase with the proliferation and distribution of data across different environments (Cloud and Data Center) – and devices. “This data needs to be protected to safely reach its final destination – people, applications, processes, etc. Fortunately, this is already a clear perception of more mature companies, which will continue to increase investments and adoption of security solutions as they advance on their digitalization journey”, analyzes Ramos.
Another point raised by the executive is the need to develop a culture that emphasizes the positive impact of information security on business objectives through education and clear processes. “This is essential and can pave the way for better communication across the entire organization.”
Ramos concludes that topics such as observability, integration and Threat Intelligence only gain importance and prominence when applied appropriately to generate better risk management and provide efficient decisions for businesses. “Seeking the experience and knowledge of technology partners can be the way to accelerate this understanding and expand the capabilities of security teams.”
IDC Cybersecurity Roadshow Brazil
In addition to the team of analysts from IDC Brazil and IDC Latin America, the hybrid event brought together company executives, heads and IT analysts, as well as experts from Dell Technologies, Hitachi Vantara, Equinix, Quest, Trellix and ISACA® Sao Paulo Chapter. Guests spoke about digital platforms, cyber attacks and data protection, among other topics related to cybersecurity.
EN 
PT 
