.jpg)
"Your company has been compromised, but you don't know it." This was the conclusion of the research carried out by the security company Kroll, during 2014, with Brazilian companies. Of around 150 companies interviewed, only 9% claimed to have had a security incident in the last 12 months. Other 36% reported not having suffered any incidents and 37% from 1 to 9 intrusions.
The result of the study, released during the 11th Aker Reseller Workshop, is in line with the conclusions of the so-called "pentests", programmed attacks carried out with the authorization of companies in order to identify vulnerabilities and correct them.
In Kroll's assessment, approximately 100% of the tests performed are successful. This means that it is possible to invade the entire network of companies that undergo vulnerability tests.
For Fernando Carbone, director of Cybernetic Research at Kroll, intrusions, by themselves, do not mean that the security systems adopted by the company are flawed. "New viruses and malware are released daily and it is not possible to retain 100% of threats. We have all suffered, or will suffer, a hacker attack at some point. The question is to mitigate the risks and react in a short space of time to avoid the resulting damages of this invasion.", warns Carbone.
Invasion is not noticed
Another survey, commissioned by the consultancy Mandiant, also cited at the Aker Security Solutions meeting, revealed that an attacker spends, on average, 243 days inside the corporate network without being noticed and that two-thirds of victims are notified of the intrusion by a third party.
The Kroll executive also highlighted the results of Verizon's Data Breach Investigation Report 2015, according to which about 60% of attacks happen in just one hour, but 62% of them are only discovered after a few months.
"The reality is that IT audits, applications, or IT teams of companies can detect only 1% of these intrusions. That is, the company itself hardly notices the attacks, being usually notified by third parties or when the hacker himself decides to disclose his made, as in the case of the Anonymous group, for example", notes Carbone.
Brazil is the 10th country that suffers the most attacks, according to a survey of Symantec's 20th Internet Threat Security Report, a global company specializing in digital information protection. There are approximately 317 million new threats capable of compromising a company's operations. 71.1 billion will be spent worldwide on information security by 2016. Not to mention the loss of negligence in the use of passwords and logins, which already accounts for 210 million.
Also at the resellers' meeting, Aker's president, Rodrigo Fragola, emphasized that attacks via backdoors (vulnerable points installed on purpose or accidentally in software or network equipment) today represent a great risk to the integrity of information and technical operations of companies.
"Companies of all sizes, including government agencies and public utilities, may have their assets compromised not due to attacks by attackers or failures of internal personnel, but due to vulnerabilities installed in their own operating systems that allow the easy entry for spies or fraudsters", says the president.
EN 
PT 
