General 2min de Leitura - 21 de September de 2020

What to learn from other companies’ major catastrophes of digital security breaches

This post is also available in: Português English Español

There are always those who read about security breaches and cyber attacks and mistakenly perceive this as something far from their reality. The opinion seems to change only after being impacted in some way, through the need to take reactive attitudes to solve the problem. In these circumstances, possibly, the company has already had compromised deliveries, financial impact and even greater damage associated with its brand and reputation. After all, who would like to do business with a “passive” company when it comes to digital security?

Some studies show that 56% of companies look for security solutions only after they have suffered some type of data breach or compromise. In general, they were victims of unavailability of services, unauthorized transactions or workstations attacked by ransomware – which is the hijacking of files, whose access is released again only after payment of ransom. It happened in late October with the City Hall of Barrinha, in the interior of São Paulo. City administration computers were blocked, and criminals called for ransom in bitcoins. They even sent an email directing payment with this cryptocurrency. As a result, the payment of 1,000 city hall workers was made late – and manually. Invoice issues, permits and certificates were also paralyzed for a few days, forcing mayor Maria Emília Marcari to declare an emergency situation.

A Brazilian company called Companhia Docas do Estado do Ceará (CDC) experienced a similar problem. The institution was the target of a cracker attack in which the data on the servers were encrypted, becoming inaccessible to employees. CDC is a state-owned company that manages the Passenger Maritime Terminal (TMP) of the Port of Fortaleza. According to investigations, the attack had evidence that leads to believe that it was carried out by specialized crackers, far from any amateurism, since the encryption system used is one of the most advanced on the planet, used in several US government agencies. The Federal Police instructed that CDC employees should not contact criminals – let alone try to negotiate.

Even companies that experience the world of security can be attacked. This is the case of Prosegur, which was invaded by Ryuk ramsonware in late November. With 170,000 employees located in several countries, it is one of the largest suppliers of security cars around the globe. To avoid further damage, it was necessary to shut down the IT department and dismiss the employees. According to the company, this drastic decision was a way out to prevent the virus from spreading to other internal and external systems.

Nonprofit institutions are also at the mercy of attackers. The online encyclopedia Wikipedia was the victim of a distributed denial of service (DDoS) attack that brought down its website in Europe and the Middle East. DDoS is an overhead intentionally caused on a server or computer so that your system’s resources are unavailable to its users. Germany, France and Italy, for example, were some of those affected by the attack – but at different times. Although Wikipedia guarantees that it constantly strengthens its defenses to prevent such actions, the problem happened and there is no information on the culprits or whether the attack has spread to other regions.

If the situation is worrying abroad, in Brazil the numbers are also alarming. Several independent surveys point to the country as a favorite target, recording millions of attacks a year. News that Brazilian politicians – such as the Minister of Justice, Sérgio Moro, and ministers of the Supreme Federal Court (STF) – had their data invaded were common this year, which turns on the red light on the issue of digital security for everyone living in the country. The solution? Understand that the protection of confidential data must be a daily practice, treated in a professional and preventive manner. How? With the help of companies that are a reference in the industry, with OSTEC, with products and services specialized in digital security to ensure total protection for your results.Visit our website and discover our solutions.

This post is also available in: Português English Español