5 Cybersecurity failures that cannot be repeated in 2024

Lucas Galvão

While our connectivity is ever increasing, companies continue to face an increasingly complex and sophisticated cyber threat landscape. The previous decade was marked by large-scale security incidents, from corporate data breaches to devastating ransomware attacks. In 2024, the urgency to strengthen defenses against cyber threats is more pressing than ever, with companies looking for valuable lessons from past experiences.

The growing role of technology in all sectors has brought substantial benefits, but has also exposed companies to considerable risks. Cyberattacks have not only increased in sophistication, but also in frequency, targeting everything from small businesses to large corporations.

The continued reliance on interconnected systems and the explosion of remote working have further increased the attack surface, creating fertile ground for a variety of cyber threats. According to research by Kaspersky, Brazil recorded more than 370 million intrusions into corporate systems in 2020, a 330% increase in the number of attempted cyber attacks.

Recent cases include ransomware attacks that paralyzed critical operations, data breaches that exposed millions of users’ confidential information and highly elaborate phishing campaigns that aimed to fool even the most experienced users. Even so, a study by the Ponto BR Information and Coordination Center indicates that only 41% of Brazilian companies have security policies.

Below, I talk about the main security flaws that should be avoided. Check them out:

  1. Lack of software updates: This flaw is not just a technical lapse, but a reflection of our relationship with temporality in the digital age. Postponing updates can be seen as a symptom of our culture that values constant innovation over maintenance. In digital security, as in life, maintenance and care are essential for well-being. The practice of regular updating is an act of preserving not just data, but the integrity of our digital infrastructure.
  2. Phishing and Social Engineering: These methods exploit human vulnerabilities, not just technical flaws. They are a reminder that cyber security is deeply rooted in human nature, in our social and psychological interactions. Awareness and training should focus on strengthening individuals’ ability to recognize and resist manipulation, integrating robust authentication strategies to protect against the exploitation of human trust.
  3. Weak Passwords and Reuse of Credentials: This common practice reflects our search for convenience in a complex world. However, every password is a symbol of our digital identity and our responsibility to maintain security. Strict password policies and the use of password managers are critical steps, but we must also recognize and address the psychology underlying our resistance to more robust security practices.
  4. Unauthorized Access and Poor Identity Management: In identity management, we find a critical tension between the “need to know” principle and the “need to share” principle. The former limits each role’s access to the information essential to it. It’s like keeping secrets in different chests, giving the key only to those who really need it. The latter promotes collaboration, encouraging information to flow where it is beneficial, like opening doors to allow an exchange of ideas. Identity management systems are built on this balance. Granting access only where it is needed, following the “principle of least privilege”, minimizes risk. Reviewing who holds which keys and which doors are open should be a constant routine for managers. It’s about protecting our most valuable resources while enabling the collaboration needed for innovation and growth.
  5. Lack of Incident Response: Efficiency in responding to cyber incidents in 2024 is a crucial pillar for companies; as Hercule Poirot would say, “The method, the ordering of the facts, is the great secret.” Companies need to adopt a systematic approach, carrying out periodic simulations to improve procedures and ensure the team is ready to face any cyber threat. Beyond the technical aspects, it is essential to consider the emotional and psychological impact of these incidents on the team and on the organizational culture. Having specialized professionals, in-house or outsourced, to manage these incidents is fundamental in today’s cyber security scenario and represents an essential investment in business continuity.

However, the unpredictability of incidents such as cyber-attacks, espionage and even solar storm alerts makes us question our ability to anticipate and prepare for unexpected challenges. The fundamental principle of uncertainty prevails here, which makes it a priority to build robust, flexible and comprehensive business continuity plans, capable of adapting to scenarios that are not yet fully predictable.

Companies must therefore not only maintain operational integrity in the face of digital challenges, but also guarantee the resilience and well-being of their staff, navigating the uncertainties of cyberspace with strategy and management.

*Lucas Galvão is CEO of Trust Governance, a specialist in Cybersecurity, Corporate Governance and Leadership Development.
