In the image you can see a person in front of several computer screens. The image is to illustrate the article about the digital security barometer research.

Digital Security Barometer shows that 64% of companies in Brazil suffer cyber attacks

wanessa alves avatar
Research commissioned by Mastercard shows the panorama of cyber attacks on companies in Brazil. See the data

The study Digital Security Barometer, performed by Datafolha Institute at the request of Mastercard, points out that 64% of Brazilian companies are targets of fraud ou cyber attacks. The high percentage alerts us to another factor: companies' lack of preparation when it comes to digital security.  

Contrary to expectations, after around three years of the first survey, released in 2021, the percentage of cybercrimes increased by 7%. And despite the increase in the number of attacks and attempts to break into systems, 23% of companies interviewed stated that data protection measures are still not a priority in the budget.

However, 84% of companies recognize that cyber security It is an extremely important factor for its functioning, however, only 35% invest in its own sector to ensure data protection. 

Brazil is the 2nd country with the most cyber attacks in Latin America

With the growing number of cyber crimes registered in Brazil in recent years, the country has reached second place with the highest number of attempted attacks (103 billion) in Latin America and the Caribbean, second only to Mexico (187 billion). The survey is part of the FortiGuard Labs Global Threat Landscape Report, released in 2023, by Fortinet

In the image you can see a person in front of several computer screens. The image is to illustrate the article about the digital security barometer research.
The Digital Security Barometer survey was released in February this year. Image: Depositphotos

In addition to caring for customer information, cybersecurity is also necessary to protect employee data, a group that has also been the target of internet crimes. In 2022, 81% of malicious software attacks were mainly directed at employees as a way of accessing system vulnerabilities more easily and without raising suspicion. Additionally, 84% of companies analyzed suffered one or more systems breaches in 2022. 

To Fortinet's Executive Vice President of Products and CMO, John maddison, investing in staff training for possible attacks is one of the mechanisms to strengthen companies' digital security. 

Employees play a crucial role in preventing cyber attacks and this research draws attention to the need for companies to prioritize online security awareness and training services. Companies need to ensure that employees are their first line of defense.

John Maddison, Executive Vice President of Products and CMO at Fortinet

At Leonardo Linares, Senior Vice President of Products and Solutions at Mastercard Brazil, investment in cybersecurity should be seen as a business strategy and way to improve the customer experience. “It is increasingly easier to access information about new technologies, such as those based on Artificial Intelligence, and customers want these innovations applied in their daily lives”, said Leonardo Linares in a note.

What is cybersecurity?

Cybersecurity is the act of protecting servers, data networks, computer systems and mobile devices from threats and criminal attacks that could corrupt the security of information, such as personal, business, banking information and codes, for example. 

The photo shows a man looking at a computer screen.
Photo: Depositphotos

This type of security goes beyond creating or hiring protection software. The company needs to develop a culture of care inside and outside the business environment, also alerting customers.

As an example of this, it is often possible to see in the most different media, bank advertisements informing how and what forms of contact financial institutions use to prevent account holders from falling for scams. Something quite common in recent years. 

What are the main types of cyber attacks?

The image shows the outline of a person dressed in a hooded sweater in front of a screen full of numbers and codes.
Photo: Depositphotos
  • Theft and/or leakage of personal data;
  • Financial fraud; 
  • Invasion of computer systems;
  • Dissemination of viruses and malware;
  • DDoS attacks: when a system is accessed by several devices at the same time, causing the server to overload and taking it offline. 

Main cybersecurity mechanisms

With the evolution and availability of different types of technology, including artificial intelligence (AI), cyber attack mechanisms have increased. Therefore, it is extremely important that companies are prepared to defend themselves from possible attackers. Contrary to the criminal use of AI, some companies use the technology to improve their own security.

Mastercard, for example, uses Decision Intelligence (DI), a system with Generative AI which aims to improve data protections across the company's entire payments network. According to the company, the “technology examines an unprecedented trillion data points to predict whether a transaction is likely to be genuine or not”, highlighted the company in a publication.

In the photo, there is a black man, bald, wearing a navy blue suit. He is in front of a computer, tablet and cell phone analyzing data that appears on the monitor.
Photo: Depositphotos

Some time ago, we talked here about the different types of cybersecurity software that exist on the market. However, in addition to this type of protection, companies must pay attention to other mechanisms to improve data security. 

  1. Network security, with implementation of firewalls;
  2. Endpoint security: adhere to virus and malware protection software;
  3. Application security: frequently test the security of apps.
  4. Adhere to identification and access control systems for sensitive information; 
  5. Cloud security: investing in security methods for files saved in the cloud
  6. Training employees and creating awareness campaigns for the external public;
  7. Security analysis, something that must be done constantly; It is 
  8. Data protection strategy.

Data protection: what does the legislation say?

Brazilian legislation has mechanisms to protect and ensure the rights and duties of the population when contracting and using digital services, such as Internet Civil Landmarks, in force since 2014, and the most recent and famous, the General Law on Data Protection (LGPD), enacted in 2018, which determines how and what types of treatment information may receive. 

“Although awareness of attacks has grown, a considerable portion of companies still do not prioritize the digital security of their operations. It is a warning point in an increasingly connected society and with the population paying attention to the protection of their personal data”, assesses Leonardo Linares.

Digital security barometer shows that 64% of companies in Brazil suffer cyber attacks. Research commissioned by Mastercard shows the panorama of cyber attacks on companies in Brazil. See the data
Photo: Depositphotos

In addition to the LGPD and the Marco Civil da Internet, there is also an article in the Penal Code on the subject. The term cybercrime is something relatively new, however, anyone who thinks that there are no laws regarding illegal practices is mistaken. Article 154-A of the Penal Code defines a crime as the act of:

“Having hacked into another's computer device, whether or not connected to the computer network, through improper violation of a security mechanism and with the aim of obtaining, tampering with or destroying data or information without the express or tacit authorization of the device holder, or installing vulnerabilities to obtain illicit advantage”. In this case, detention could be from three months to one year, plus a fine. 

The length of detention may vary depending on how and against whom the crime occurred. Check out the summaries: 

§ 1 The same penalty applies to anyone who produces, offers, distributes, sells or disseminates a device or computer program with the intention of allowing the practice of the conduct defined in the caput.  

§ 2 The penalty is increased by one-sixth to one-third if the invasion results in economic loss.  

§ 3 If the invasion results in the obtaining of content from private electronic communications, commercial or industrial secrets, confidential information, as defined by law, or unauthorized remote control of the invaded device:  

Penalty - imprisonment, from 6 (six) months to 2 (two) years, and a fine, the conduct does not constitute a major crime.  

§ 4 In the case of § 3, the penalty is increased by one to two thirds if there is disclosure, commercialization or transmission to a third party, in any capacity, of the data or information obtained.  

§ 5 The penalty is increased from one third to one half if the crime is committed against:  

I - President of the Republic, governors and prefeitos;  

II - President of the Supreme Federal Court;  

III - President of the Chamber of Deputies, of the Federal Senate, of the Legislative Assembly of the State, of the Legislative Chamber of the Federal District or of the Municipal Chamber; ou  

IV - maximum leader of the direct and indirect federal, state, municipal or Federal District administration. "

There are also two other articles on the topic:

Art. 313-A: insert or facilitate, the authorized official, the insertion of false data, unduly alter or delete correct data in the computerized systems or databases of the Public Administration with the aim of obtaining undue advantage for themselves or for others or for cause harm. Penalty of two or 12 years, plus a fine. 

Article 313-B: modify or alter the employee, information system or computer program without authorization, or request from the competent authority. Penalty of 3 months to 2 years in prison, in addition to a fine.

Source: Mastercard, Court of Justice of the Federal District and Territories (TJDFT) e Fortinet 

See also: 

The different types of cybersecurity

HP cybersecurity report reveals pressure on security compromise

reviewed by Glaucon Vital in 21 / 2 / 24.


Discover more about Showmetech

Sign up to receive our latest news via email.

Leave a comment

Your email address will not be published. Required fields are marked with *

Related Posts