*By Renata Barros and Tailan Oliveira

Everything everywhere and at the same time. This is what the routine of organizations currently reflects, after all, with the advancement of technology and ease of internet connection, today, we can connect at any time and place – which was an important gain for the growth of companies. In turn, this greater accessibility also brings with it considerable risks, which reinforces the importance of investing in cybersecurity and, above all, in the care that must be taken when applying the best solution.

It is nothing new that investment in digital protection is among the priorities of organizations, and the concern is justified taking into account that, according to a Trend Micro report, Brazil occupies the second position in the ranking of countries most vulnerable to hacker attacks across the world. world.

And, given the advancement of the digitalization process of companies, which are increasingly issuing data every day, it is crucial that they are concerned about the protection of their digital assets, in order to avoid the leakage of information that could harm the company as a whole, ranging from financial and operational losses, to image and brand compromise, which can result in loss of credibility and competitive advantage.

In this regard, companies are paying more attention. No wonder, according to the IDC Cyber Security Research Latin America 202 survey, cybersecurity has become the priority among investments for 37.5% of Brazilian companies. Although projections point to greater and better awareness of the importance of investing in protection, we still need to draw attention to the fact that no tool, alone, will be able to mitigate all risks.

In this way, we can ask the following question: if companies are engaged in security issues, why do we continue to see cases of cyberattacks? The main reason for this is the lack of a broad understanding of organizations that see cybersecurity as just a tool or technological solution, rather than something multidisciplinary.

That is, many companies make the mistake of only believing in the software or service as the exclusive guarantee of security. And, with this, they leave aside aspects in everyday life that make all the difference, such as adopting a 'security posture', whose measures range from the implementation of training for users in order to teach them good practices regarding the topic , such as not sharing passwords, conscious use on networks, identifying false links, among other actions.

It is important to emphasize that, for the concept of cybersecurity to be well directed and applied, the organization needs to have this rooted in its culture – which is not yet a reality in most companies. The absence of a governance, risk and compliance area, better known as GRC, also prevents many companies from actually performing better, since the team does not have extensive knowledge and understanding of the impacts and risks that actions day-to-day activities can play in the areas as a whole.

Therefore, for cybersecurity measures to have the desired effect, it is crucial that this investment is made constantly. And to this end, senior management's commitment to transparency of rules, clarity of processes and standardization of internal controls is essential to disseminate the culture of compliance to the entire operational team. The first step towards this is, without a doubt, having a well-established organizational culture that aims to identify and address the root causes of problems before making a decision without considering the risks involved.

Currently, there is a range of cybersecurity services and solutions on the market, but none will be able to shield potential threats on their own, without the organization as a whole acting towards the same common objective. And, contrary to what one might imagine, establishing changes does not need to be complex, but rather be effective. On this journey, having the support of consultancies specialized in this approach and service is an important ally.

The year 2024 is beginning, and with it comes a scenario of optimism in the market. However, virtual threats will continue to be part of the daily lives of companies, which will need to be aware and supported. And, so that they can be protected and apply the concept of cybersecurity in compliance, it is crucial that they have applied well-established governance management. After all, only those who are sure their brakes can accelerate can accelerate.

*Renata Barros is the legal and GRC director at Skyone.

*Tailan Oliveira is Vice President of Growth at ALFA Sistemas.

Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies

quick access