Current Information Security Challenges

Interviews with Marcio Kanamaru, from Intel Security, and Ines Brosso, from Mackenzie

Information security systems aim to ensure the availability, confidentiality and integrity of data in companies, institutions, government agencies and also the information of anyone who uses equipment, such as notebooks and smartphones, on a daily basis. However, the IT environments of organizations and those for personal use are exposed to different vulnerabilities, whether communication, storage, hardware, software and human. Today, there is growing concern about reducing cybercriminal attacks and the risk of security breaches, which represent some of the challenges of information security.
 
For Ines Bosso, adjunct professor at Mackenzie's Faculty of Computing and Informatics, “the main threats continue to be posed by people, who do not pay attention to the risks when they receive and open files on their work and portable equipment, without knowing the source. As a result, we should see an increase in threats from phishing and crypto ransomware and social engineering.”
 
Marcio Kanamaru, general director of Intel Security in Brazil, believes that ransomware threats, which caused so much damage in 2016, should recede by the end of 2017. “That's because the impact caused by ransomware will force the security sector to take decisive action . Collaborative initiatives, the development and release of anti-ransomware technologies will reduce the volume and effectiveness of this type of attack during the year.”
 
On the other hand, Kanamuru points out that the development of more threats aimed at the cloud should grow. “The increase in trust in cloud services and the increase in companies migrating their operations will eventually attract the attention of cybercriminals looking for sensitive information stored in the cloud. The increase in the number of connected devices should also draw the attention of criminals, who can develop specific attacks for these devices”, he says.

Brosso explains that a combination of hardware, software, appliance and a good security policy is important to create a secure environment to protect data and users, including: Router, Firewall, IPS, Next Generation Firewall, WAF, Packet Decrypter, Data Loss Prevention, Proxy, Router, Security Analytics, TAPs, Antivirus, Antiphishing, Antiransomware, HoneyPot, Malware Analysis Engines, in addition to Correlating Logs (SIEM) and monitoring networks with appropriate software. “Many organizations don't invest in security and don't update their damaged or vulnerable equipment and software. Others do not even have employees trained in information security, which is a noble area of information technology”, he emphasizes. Among the guidelines, the professor indicates that organizations have an efficient Backup-Restore process, promote training programs in Cyber Security with employees periodically and have a policy for DoS and DDoS attacks.