*By Mário Gama
Cyberattacks are increasingly dangerous and consistent, causing losses to many companies, such as loss of brand reputation and reliability. According to a survey by Cybersecurity Ventures, cybercrimes are expected to cause losses of US$ 8 trillion in 2023 and are expected to grow to around 15% by 2025.
To prevent attacks from happening, companies need to protect themselves against all possible risks, as it is enough to have a vulnerability, a flawed process or an outdated tool to create an opening for cybercriminals. In this sense, technological security is a great ally in ensuring the security of a company's data and systems, contributing to the entire operational process.
The types of cyberattacks and their impacts
When considering the possibilities of cyber attacks, it is possible to identify two main types of situations. The first of these is the non-targeted attack, which occurs in an automated way, usually with robots, and takes advantage of a lack of security in the companies' systems, carrying out several invasion attempts.
The second type is the targeted, or persistent, cyber attack, in which the hacker studies the company, identifies key people and the business model, to finally implement the attack focused on the specific segment. In this model, risks generally arise through an email to an employee and can even change the organization's payment information.
Therefore, when being the target of a cyber attack, companies can suffer business impacts, especially in relation to reputation and losses. Furthermore, the operation itself can also be interrupted and result in financial losses and reduced sales. In this way, the relationship with the customer can also be undermined, as reliability becomes vulnerable.
According to a survey by McKinsey, approximately 72% of small and medium-sized companies, when they suffer an attack, close their operations within a period of up to two years. In other words, the preservation and legacy of a business can also be affected, reiterating the importance of investing in cybersecurity.
How to reinforce technological security in companies
The Microsoft Digital Defense Report 2022 survey shows that, throughout 2022, 37 million threatening emails were blocked and more than 43 trillion cybercriminal activities were evaluated per day. Taking this data into consideration, promoting the cybersecurity of systems in institutions is essential and, to be even more effective, it is recommended that there be an investment in the “people, processes and technologies” pyramid.
Firstly, a company's employees must be aware of the risks and impacts of a cyber attack, as well as the necessary precautions to avoid them, maintaining a safe and reliable work culture, with compliance with regulations and rules. It is also necessary to define appropriate processes for transferring the company's data, which must be supported by technologies that help maintain a high level of security.
Currently, there are a series of tools, solutions and manufacturers on the market that serve the most diverse segments, increasingly allowing secure integration between systems. Likewise, many technologies today feature a threat intelligence layer, where information is evaluated using artificial intelligence.
Therefore, working with the components of the triad of people, processes and technologies is vital, since, by failing to cover any of these points, a susceptible path is opened for the hacker to attack the business environment. Furthermore, one of the main concerns of companies must be compliance with the requirements of the General Personal Data Protection Law (LGPD), which ensures regulations aimed at data security.
How to recover from a cyber attack?
Despite companies' efforts and updated tools to reinforce technological security, any company is susceptible to an attack.
Therefore, the main strategy that companies must develop is prior preparation for any attack, in addition to preparing crisis planning, which must be supported by a company specialized in crisis processes. Advisory (assessment of the technological environment and strategic planning for business), digital evolution and security, in order to avoid loss of reputation and reliability of companies.
*Mário Gama is LATAM Cybersecurity Director at SoftwareOne, a leading global provider of end-to-end solutions for software and cloud technology.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies