Perimeter 3min de Leitura - 21 de September de 2020

Why should companies invest in identifying and preventing virtual attacks?

This post is also available in: Português English Español

If you still wonder if you need to invest in identifying and preventing virtual attacks, we’ll bring some data to make our analysis more accurate and grounded, and from there you can draw a conclusion about that need.

  • In the year 2017 approximately 62 million Brazilians were victims of virtual attacks, this represents 61% of the population with Internet access in the country.
  • Each victim lost an average of 34 hours of the year as a result of the attacks.
  • The damages caused by cybercrime in 2017 reached only US $ 22 billion in Brazil, according to the Norton Cyber ​​Security Report.
  • It is estimated that by 2019 losses from cybercrime could reach $ 2.1 trillion, according to Cyber ​​Handbook studies.

As you may note, cybercrime is present and causes more damage than we imagine. And the more society advances and technologies evolve, the more data is shared, the more we depend on technologies and the greater the chance of suffering from virtual attacks.

In this scenario, the question may no longer be “why should companies invest in identifying and preventing virtual attacks”, instead, why is not your company still being forewarned?

Continue reading this content and deepen your knowledge on the topic.

Damage generated by lack of prevention

Everyone knows that famous phrase that says “prevention is better than cure”. A global survey conducted by the audit, consulting and outsourcing firm Grant Thornton even found that while companies are aware of the risks of cyber-attacks, 52 percent still do not invest in any kind of prevention.

This study also cites the areas most susceptible to cyber attacks, like financial services (45.8%); health care (23.7%); energy (23.3%); consumer goods (22.4%); education (22.1%); travel, tourism and leisure (19.8%); agriculture (17.9%); productive sector (16.3%); technology, media and telecommunications (13.0%); transport (11.3%); real estate and construction (6.2%) and professional services (4.8%).

The research referenced here goes even further and presents managers’ insight into what the major damages that can be caused to a company suffering from virtual attacks. Such as:

  • Loss of companies’ reputation (29%);
  • Time spent on damage management (26%);
  • Customer loss and turnover (16.4%);
  • Removal costs (12%);
  • Direct loss or turnover (7.4%);
  • Competitiveness (3.6%) and
  • Customer behavior change (3.1%).
  • In addition, there may be more consequences resulting from virtual attacks, such as loss of business-sensitive data, whether from customers or procedures and operations. This issue should receive special attention, since with the approval of the Data Protection Law, companies become responsible for the information they store.

Cyber-attacks still often compromise the organization’s infrastructure, because as malware moves in, they infect other software and hardware, slowing down their processing capabilities and slowing them down. This is just one more possible reflex and something that can cause severe damage to a company’s productivity.

And, as if that were not enough, these types of attacks generate costs associated with re-establishing the operation in all affected areas. Machines and software will need to be updated; new security routines will have to be implemented. That is: remedy comes out much more expensive than to prevent.

Identifying and PreventingVirtual Attacks

There are a number of attitudes that technology professionals can take to ensure the safety of corporate data. This goes from employee education to the implementation of routines and acquisition of hardware and software capable of blocking threats.

The most common and effective way is through the configuration of Firewalls with technologies of identification and prevention of attacks (IDSand IPS). These features work together to provide an extra layer of protection for the corporate network.

IDS, Intrusion Detection System, is used to monitor network traffic by detecting and alerting when attacks are suspected. IDS, as the name suggests, only detects the threats and, most of the time, does not block or prevent any action, only verifies if it is a possible threat and alerts the administrator, which is their main characteristic.

On the other hand, the Intrusion Prevention System (IPS) is a better tool, capable of identifying a threat, analyzing its level of criticality and blocking certain events. Therefore, it is a means of active prevention, since based on its logs and configurations can generate specific answers for certain types of alerts.

IDSand prevention (IPS) modules can be hosted either on the host, on the computer, or on the network, on a switch or router, for example. Through the combination of these solutions the IT professional can have a protection service resistant and adjustable to their needs.

Prevention is the best medicine

In the field of information security this maxim is a constant. The implementation of prevention systems are practical solutions, which can guarantee process efficiency, data preservation, stability in systems and applications and thus ensure the success of an organization.

In short, with the ease of getting support from professionals and companies specialized in information security, there is no longer any justification for a company to postpone investment in identifying and preventing virtual attacks. Doing so is entering an unprotected battlefront and cheering for not being targeted. And companies striving for excellence can not just count on luck.

This post is also available in: Português English Español