* By Demetrio Carrión
In crisis scenarios, especially in situations of the magnitude of the pandemic of the new coronavirus, nothing worse than facing other internal crises, which hinder decision-making and make long-term planning unfeasible. When we need to be agile and look beyond current difficulties, stability and security are essential pillars for business survival. And it is at this moment that we realize that cybersecurity is the front of protection for everyone else.
The latest edition of Global Information Security Survey, a survey conducted by EY in March this year, shows that approximately 60% of global companies have faced an increasing number of attacks in the past 12 months. In contrast, only a third of the organizations interviewed treat cybersecurity as a priority, involving security teams since the beginning of the design of technological initiatives.
The impact of digital attacks is so great that the World Economic Forum's 2020 Global Risk Report itself highlights cyber security and data theft among the biggest global risks.
With the COVID-19 crisis, many companies realized that not investing in the protection of data and digital assets is a risk that is not worth taking. Any company that wants to anticipate threats must focus on creating a culture that involves cybersecurity. One question that all leaders must ask themselves is "if you were under cyber attack, would you know?"
In addition to ensuring better competitiveness and differentiation for organizations, data privacy allows you to face unforeseen events and changes more easily. With most of the employees working remotely, companies that had not yet planned to do so, had to deal with other concerns: how to protect my information on insecure networks? How can I prevent new cyber threats that take advantage of the sensitive moment to bring risks to my business?
One of the guidelines raised by experts is to be aware of the confidentiality of information and transparency in communication. The use of employees' personal data - for example, cases of those infected with SARS-CoV-2 - must be justified and have a fixed period for beginning and ending. Access management and confidentiality ratings are also emergency measures to ensure adequate and safe remote work for everyone.
It is necessary to understand the relevant threats, as well as the motivations of possible malicious agents that can exploit the moment of uncertainty to launch new cyber attacks against organizations. Alert your employees to the risk of receiving phishing emails associated with COVID-19, notices from the Ministry of Health, stoppages, financial benefits, among others. There are hundreds of fake apps and pages trying to get data and break into systems.
While everyone is reviewing their business continuity plans, also review the incident response plans. Yes, the cybersecurity ones! As many organizations have learned, it is no longer a question of "if" you will face a cyber attack, but a question of "when". Every asset in your company is at risk.
Among the many teachings that the COVID-19 pandemic can give us is that protection is never too much. Taking care of our health, family, personal property, information and privacy not only preserves our well-being, but also allows us to think beyond the crisis and identify who we want to be when everything is over.
* Demetrio Carrión is a leading cybersecurity partner at EY
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies