According to a study by Marsh, commissioned by Microsoft, 3 out of 10 Brazilian companies noticed an increase in cyber attacks as a result of the pandemic.
According to the study Perception of Cyber Risk in Latin America in times of COVID-19, conducted by Marsh at Microsoft's request, only 16% of the companies interviewed increased their information security and cybersecurity budget during the pandemic. With the low investment, 30% of the companies questioned claimed to have noticed an increase in attacks as a result of the pandemic; among the main threats, 25% considered that social engineering attacks (phishing) and malware attacks are the ones that have increased the most; another 24% mentioned attacks on web applications.
Despite this perception, 56% of the Brazilian companies questioned invest 10% or less of their IT budget in cybersecurity, and 52% of the organizations said that the investment in this area has not changed. In terms of employee safety practices, only 23% of organizations said their workforce is using company equipment exclusively, not to mention laptops, smartphones or personal tablets.
The study, carried out jointly between Marsh, a leader in consulting, insurance brokerage and risk management, and Microsoft, examines how companies have protected themselves from growing attacks in the new normal and the measures that have been taken for remote work.
Phishing is the main threat in Latin America
Among the main findings of the study, we highlight:
- More than 30% of companies in Latin America saw an increase in cyber attacks as a result of the COVID-19 pandemic, with attacks such as phishing as the main threat, with the banking sector being most affected, with a perceived increase of 52%.
- As a result of implementing remote work, 70% from organizations in the region allowed their employees to use their personal devices, which significantly increased exposure to some type of cyber incident. However, remote access security is a priority for only 12% of respondents and the second item on the list for 7% of respondents.
- Only a quarter of the companies surveyed increased their cyber security budget after the pandemic, while the increase in the data protection budget was 26%; only 17% of organizations in Latin America have insurance against cyber risks.
The study was obtained from the results of a survey of more than 600 companies in the region, from more than 18 countries in more than 20 sectors. The companies surveyed are distributed throughout the region, 31% in Brazil, 17% in Colombia, 11% in Mexico, 8% in Peru, 4% in Argentina and 29% in other countries, in sectors such as: food and beverage, aviation, real estate, communications, construction civil, education, energy and hydrocarbons, public institutions and NGOs, hotels and restaurants, finance, manufacturing, mining, chemistry, retail and transportation, among others.
“Many results found in this analysis are really worrying, such as the low rates of companies with insurance against cyber risks and security investment that are highlighted in the study. Now that companies are more exposed to remote work and the use of personal devices, it is worrying that few companies have increased their cyber security budget after the pandemic and some have even reduced this investment, despite the notable increase in cyber attacks. ”, Comments Marta Schuh, superintendent of cyber risks at Marsh Brasil.
Microsoft's cybersecurity vision
Considering that the pandemic has driven the adoption of remote work formats, companies must implement the controls necessary to work in this modality and mitigate the main risks. In addition, they should remember that there are no technologies or processes that completely eliminate cyber risk, but that employees can be made aware of the safe handling of confidential information and how to identify threats and detect cyber attacks in a timely manner.
“Security is our priority, which is why we invest US$ 1 billion a year and analyze 8 billion signals and attacks coming from different sources every day. Now, more than ever, our recommendation to protect businesses includes an integrated security strategy that uses cloud intelligence to protect users, devices and data. In 2019, Microsoft blocked more than 13 billion malicious and suspicious emails, of which more than a billion were URLs configured to launch an attack to steal access credentials. Cybercriminals are taking advantage of people's interest in learning more about COVID-19 to specialize their attacks with identity as their central target, ”explains Marcello Zillo, chief security advisor at Microsoft Latin America.
Technology is essential to increase defense
Here are some important security recommendations that need to be prioritized in view of the current scenario of digital transformation and cyber attacks:
- For any company, migrating to the cloud is the first and important step to enable secure remote work, achieve operational efficiency, deal with IT budget constraints and accelerate innovation. Microsoft offers a unique approach with native cloud tools and a single provider, which provides a new level of integration that brings companies the best of both worlds: total visibility of all their resources and intelligent alerts created with a deep knowledge of individual resources, enhanced with human and mechanical intelligence.
- Adopt the Digital Empathy strategy with a world without passwords, in which access with multi-factor authentication (MFA) it's easier. This way, users no longer need to remember or change their passwords and can use native features of the Windows platform, such as Windows Hello, which allows authentication through facial biometrics (for example), thus avoiding the exposure of their passwords.
- Microsoft Defender for Office 365 attack simulation trainingallows companies to run simulations of benign phishing attacks to test their security policies and practices, as well as training their employees to increase their knowledge and decrease their susceptibility to attacks.
- The automatic continuous scanning feature of attachments,also present in Office 365, allows users to have a higher level of protection against phishing and malware attacks, as the native security platform allows file analysis to identify malicious content, performing the security scan transparently for users.
- Machine Learning it is widely used in Microsoft security solutions to continuously detect new types of attacks and abnormal behaviors, identify and mitigate attempts to steal data or misuse access credentials, in addition to providing more agility in detecting and responding to attacks.
Check out the infographic with the results of the study.
EN 
PT 
