*Per Thiago Tanaka
Cyberattacks continue to bring fear to the corporate world. According to the annual X-Force Threat Intelligence Index report, although Latin America accounts for 12% of the attacks observed by the incident response team, the region is the fourth most attacked region in the world. Brazil, Colombia, Mexico, Peru and Chile were the biggest targets. Brazil, specifically, was responsible for 67% of the cases handled by X-Force.
Public and private institutions, at this very moment, may certainly be suffering an attempted invasion of their systems. In this scenario, the main question to be addressed by senior leaders is not “if”, but “when” the company will have to face a serious digital security incident. Much more than creating paranoia, it is necessary to develop a sense of urgency regarding the topic.
Companies are connected to servers that store thousands of sensitive data from their customers, employees and suppliers, as well as strategic information that directly impacts their competitiveness in the market. Keeping cybersecurity tools up to date and, above all, choosing which ones best protect each sector or business is the first step towards having a robust line of defense and mitigating damage from different types of attacks that will happen in the future.
Corporate digital protection is linked to the cybersecurity concept known as MDR (Managed Detection and Response), a global standard established for good management of any cyber incident: with agility, appropriate tools and prompt response from specialized teams. In addition to investing in training and hiring people with expertise in the subject, there is always a question about how to choose the best tools.
There are numerous programs and solutions on the market that are sophisticated and committed to ensuring companies' cybersecurity, but starting with the basics, in this case, is not just a recommendation, it is a necessity. If the company does not have primary equipment management solutions, security alerts, threat management and a command center to monitor the digital environment, it is completely exposed, in the role of “a sitting duck”, an easy target for hackers. future attacks.
So that companies can focus on their core business sectors and develop products and services that generate value for their customers, addressing their concerns with their data and strategic information, it is important to have partners who are experts in the area of cybersecurity and know how to navigate the labyrinth of digital environments.
A single MDR provider may be able to provide and continuously manage a package of essential cyber defense tools, a fully centralized service that is much more advantageous from a commercial point of view. Furthermore, he can count on a team of specialists ready to take action at the slightest sign of danger, working in synergy with the internal team. In the case of TIVIT, we developed the MDR Suite, which ranges from the Basic to Enterprise packages and offers a customized combination of security services to meet different business needs.
The MDR Suite also determines the SLA and classification of each security action, so that any unforeseen event is detected and resolved more quickly and the customer is aware that measures will be taken according to the severity of any incident.
My experience in the technology sector and in the national market shows that Brazilian companies have the full capacity to be properly protected and alert about possible attacks on their networks, as long as they are aware of the importance of constantly investing in cybersecurity.
In this area, negligence costs much more than the investment in prevention: in addition to the possibility of facing the leakage of sensitive data, the credibility of the company and the executives themselves are at stake. A company's years-long trajectory can be questioned. A success story can be marked by a reputational crisis that is difficult to reverse.
It is possible to start with the basic package of protection tools and services, and evolve according to the company's needs and its financial availability of cash flow or the advancement of the tools themselves (not forgetting that the attacks themselves become more sophisticated over time) . It's the seat belt to engage first gear and accelerate. Without it, the accident is certain. Without the basics, it's just a matter of time before the attack happens.
*Thiago Tanaka is director of cybersecurity at TIVIT. He has 15 years of experience in IT, with more than 12 years dedicated to information security. He has experience in the technology, financial, industry, energy, services segments, among others.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies