In June, the giants Honda and Natura went public to confirm that they had suffered a cyber attack. At Honda, global production of automobiles and motorcycles has been suspended to ensure that quality control systems are not compromised. Although most plants have resumed operations, operations in four countries have been halted for longer because ransomware would have damaged production systems. Natura reported that some systems in the IT environment were affected, which partially interrupted its operations. Avon, one of Natura & Co's brands, was still evaluating the extent of the attack in the first half of the month. News like this tends to be more and more recurrent as the “attack surface” expands, that is, the greater the digitization of companies' processes, the more likely digital criminals will have to attack. “This attack surface is directly proportional to the number of digitalized services and the level of connectivity of the companies. In addition, the SEC and CVM, responsible for the capital markets in the United States and Brazil, respectively, have clear guidelines that listed companies need to disclose. relevant facts to the market and cyber incidents are part of the package. ”explains TI Safe CTO Thiago Branquinho.
In the past three years, since the global WannaCry ransomware attack, cyber attacks have been improved: new vulnerabilities are being exploited; the data, in addition to being encrypted, are stolen (for later extortion crimes); the forms of distribution of malware have been expanded, with attacks of the type fileless, in which there is no copy of files to the victim's machine, which makes identification difficult, and unauthorized encryption in Backups became a measure adopted to prevent the return of the systems to operation.
Experts say that ensuring security for companies' computer networks is as important as property and work security. “The protection of material goods and people's lives is not in question. And now, more and more with digitalized processes, cyber security becomes a condition sine qua non for the continuity of the operation ”, says Thiago.
The sophistication of techniques, tactics and intrusion procedures require companies to pay attention to threats and identify weaknesses in the infrastructure that leave loopholes for cyber attacks.
People, technology and services form the basis for protecting the operations of critical infrastructure industrial systems. Therefore, attention to individuals is essential. “Training employees, establishing authorization levels for access to information, investing in the improvement of IT and TA professionals are ways to protect one end of a company's vulnerabilities”, quotes Thiago.
TI Safe recommends the adoption of some measures, considering individuals with access to a company's networks:
- Establish the principle of least privilege: users must access only what is necessary to carry out their work.
- Make users aware not to open emails from unknown sources - and be wary of attachments from known sources.
- Have a strict policy of using third party machines and remote access to the network. Ideally, these networks should be segregated from the corporate environment by a next-generation firewall.
- Perform continuous monitoring of IT and TA security tools to continuously improve controls.