Cybersecurity professionals point out that the country needs heavier investment in the sector and closer integration between the public and private sectors.
It is not news that Brazil is very susceptible to cyberattacks, but a study from the International Telecommunications Union (ITU), an agency linked to the United Nations (UN), revealed that this scenario is already beginning to change.
According to the institution, the country made a significant leap in the world cybersecurity ranking, going from 71st position to 18th position among the 194 countries analyzed. Within the Americas alone, Brazil reached third place.
Denis Riviello, Head of Cybersecurity at Compugraf, said: “This rise is crucial and was expected not only because of the maturity reached by some private companies but also by several government agencies that have been working on the issue.”
Professionals in the sector stress that there are still many issues to be addressed in the country.
“Brazilian corporations increasingly need to invest in order to close the gap between cybercrime and controls, as these attacks evolve as quickly as the technology itself,” said Bruno Telles, COO of BugHunt, the first Brazilian Bug Bounty platform.
According to Julio Cesar Fort, partner at Blaze Information Security, a global company specializing in offensive security with a focus on pentest, most organizations see the topic only as a cost.
“We still lack the vision that it is a way to guarantee the well-being of the business,” he said.
Specialists agree on the cause of the uneven cybersecurity investment across different national territories: the lack of communication between the public and private sectors.
Fort illustrates this by pointing out that the most powerful country includes the topic in its defensive tactics.
“Unlike countries like the US, where the Internet and cyberspace are considered one of the domains of war in their military doctrine, in Brazil, there is little apparent integration between military forces, intelligence and government agencies and companies,” said Fort.
Riviello adds: “Brazil lacks synergy and, at the same time, greater legislative adequacy. Recently, some moves have taken place in this direction, with the LGPD (Brazilian General Data Protection Law), but it is a unique situation.
“In a broader context, regarding the private and public spheres, there is a lack of partnerships in terms of development, collaboration and rules handled by a large committee. Today, this mission is centered only on specific bodies, which are independent and do not share information.”
Awareness of the importance of cybersecurity
A survey released by Sophos revealed that 55% of the 200 Brazilian corporations interviewed suffered ransomware attacks in 2021, compared to 38% in the previous year.
In addition, the Center for Studies, Responses and Treatment of Security Incidents in Brazil (CERT.br, in Portuguese), linked to the Brazilian Internet Steering Committee (CGI, in Portuguese), points to a large number of attempted cyberattacks in the country since 2012.
It is a scenario that will not change if there is no collective awareness of the seriousness of the matter.
“The ITU data is relevant, but we will only be able to become a reference point in terms of protection if managers include the theme in their strategic planning. Unfortunately, those who do not do it for good have a great risk of going through incidents that will eventually force them to pay attention to the matter in the worst way,” warned Telles.
“Basic and incisive policies need to be implemented before the need for damage remediation. An example is the Cyber Essentials scheme of the British government. It reinforces the execution of basic cyber ‘hygiene’ to small and medium-sized companies that do not have large budgets to invest in computer security, being a contractual requirement for suppliers of the state,” said Fort.
According to Riviello, those involved (government agencies and the private sector) must understand that information sharing and cybersecurity initiatives benefit everyone.
“If we consider the size of our nation and the possible threats, we are still underinvesting,” he said. “Therefore, the union of the public and private sectors and the population is the first step to promote more actions that ensure strict cyber defenses.”
About Blaze Information Security
Blaze Information Security is one of the leading global companies specializing in offensive security and focusing on pentest (intrusion testing) and secure development against cyberattacks. The company stands out for being able to anticipate the creativity of cybercriminals’ strategies by having experienced professional hackers on its team, delivering to its clients tailored, complete and safe planning.
The brand has become a reference in the information security segment for serving the principal players in the financial, oil, insurance, e-commerce and startup sectors. With a global presence in countries such as Germany, Poland, Portugal and Brazil, the company is preparing to expand its operations in the North American market and other Latin American countries.
About BugHunt
BugHunt is the first Brazilian platform for Bug Bounty, a reward program for identifying flaws, uniting companies committed to the information security and privacy of their users and clients with researchers in the industry.
With a focus on innovation for the recognition and resolution of bugs and vulnerabilities, the startup aims to democratize access to data security. Through public and private programs, BugHunt manages the definition of scope and reward, the choice of experts, the evaluation and triage of reports, and the verification and correction of flaws in the evaluated services.