*Per Daniela Costa
Paying criminals is no guarantee of having the data stolen back
Global survey conducted by Kaspersky, one of the most renowned companies in the area of Internet security, pointed out a worrying data in relation to Brazil. More than half of Brazilians who had their data hijacked last year paid ransom, a total of 56%. And the end result is just as tragic: only about three out of ten people who agreed with the criminals' demands were able to access their information again.
These are worrisome figures that point to a logic that insists on being ignored not only by individuals but also by legal entities: that the correct strategy to be adopted in relation to the protection of sensitive information is the adoption of a preventive posture. Unfortunately, this absence of a culture of prevention is something that is very present in the behavior of Brazilians, in topics as diverse as retirement, health and insurance purchase.
The survey is focused on individuals, but the scenario is also frightening when taken to the universe of companies. According to a report by SentinelOne, only 26% of the organizations that made payments managed to unlock their files. The fact is that companies are made up of people, liable to fail and with reactions that are part of human nature. The commonplace “to err is human” takes on a much more dangerous dimension when applied to the IT security area.
Another recent survey, this one by the Japanese company Fujitsu, heard at the end of last year 331 senior executives in organizations from 14 countries present in the segments of financial services, retail, manufacturing and automotive, energy and utilities, and Government. The survey found that about 48% of employees who do not work in the areas of technology resist talking about security threats for fear of reprimands.
It is clear that this behavior seriously compromises the security of companies, hiding possible vulnerabilities and making criminals' work even easier. Even among technical employees, the number of professionals who adopt this reactive stance is very high, standing at around 37%.
As can be seen in analyzing these two studies, it is no longer possible to postpone the dissemination of a culture of prevention, which effectively puts safety first, making it cease to be an absolute priority in theory and finally arrive at practice through planning and implementing robust strategies capable of drastically restricting the vulnerability of people and companies.
* Daniela Costa, Vice President, Latin America, Arcserve
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies