Coronavirus vs. cyber environment: do you know how to protect your company?

From the physical world to the virtual at the snap of a finger. Yes, covid-19 has caused cyber risks to triggerthe red light on corporate agendas. If cyber-attacks were already considered one of the great risks of today, now the situation has become considerably more critical.

In Brazil, the number of digital devices in use already exceeds the number of Brazilians. Add to this the increase in the volume of strategic information circulating on the network, in times of quarantine for prevention of the coronavirus and, consequently, home office. All of this creates a scenario of greater vulnerability that is a perfect opportunity for virtual crimes, of the most varied types and proportions.

“The need for companies to adopt a strong digital information security strategy has never been greater than now,” explains Eduardo Damião, Cyber Risk Insurance specialist at Horiens.

The scale of the problem
We already know that long before the new coronavirus, cyber risks already helda captive place on the list of great risks of the century. To get a brief idea, the FBI’s Internet Crime Report has consolidated 2019 data on more than 400,000 reports from around the world, which added to more than $3.5 billion in damage to victims.

Brazil is an important target of cyber-attacks. A Symantec study shows that the country is among the main targets and ranks 4th in cyber-crimes, behind only the United States, China and India.

In the midst of the current crisis, a report from the World Economic Forum, released last March, includes cyber-attacks among the risks that could have negative impacts on various sectors over a 10-year period. According to the report, 75% of the approximately 750 experts and leaders consulted expect an increase in attacks in search of data or money in the current scenario.

Another study, by Apura Intelligence, a Brazilian consulting firm specializing in digital security, released data that account for more than 63,000 potentially fraudulent events mentioning the word coronavirus in Brazil.

As you can see, there is no shortage of data to warn of the potential growth of cyber risks.

But what are the most recurring cyber risks?
We are talking about situations that involve everything from data theft to invasions and sabotage of infrastructure, energy and supply systems or even financial systems, for example, with the potential to have an impact on society and the economy in general. The consequences can be localized or of gigantic proportions. They all, in some way, bring losses.

According to data from the FBI’s Internet Crime Report – a report cited above – approximatelyhalf of the losses computed in 2019 occurred from Business E-mail Compromise (BEC) type frauds, when the scammer deceives a company’s employees by means of e-mail messages so that payments aremadetoaccounts controlled by hackers. There are more advanced modalities of this type of scam, with invasions of a company’s network to seek information on payments and suppliers.

In 2020, the fight against the coronavirus eventually created the ideal environment for hacker attacks. Covert files that use the name coronavirus are scattered across the network – but don’t be fooled and be careful – often the purpose of these files is to damage or encrypt data.

Among the most common cyber-crimes, both for users and businesses, are the so-called DDoS, denial of service attacks carried out by overloading company servers, taking services off the air. This form of crime has a direct impact on operations, causing financial losses. But the problems do not stop there: often this type of crime is a distraction planned to take the focus off IT security and open territory for the application of more elaborate scams.

The list of possible crimes also includes data hijacking (ransomware), system intrusion, installation of vulnerabilities, data or personal content leakage, compromise of security systems, among others.

Undercover e-mails with unknown senders or bots, the so-called internet robots, are examples of strategies used by hackers to commit cybercrimes.

How to protect yourself?
Experts show that the question is not “if” the company will suffer a cyber-attack, but “when”. In the age of information in which we live, it is necessary to look at the subject, to understand the risk and its consequences, from end to end.

This includes actions such as constantly updating technology systems, periodically reviewing the company’s digital security policy, educational campaigns for employees and hiring specific insurance, for example.

“The demand for cyber risk policies is higher than before. Companies need to assess their exposure first and then transfer part of these risks to an insurance policy that best meets their needs. Even if not all risks are transferred, through insurance there is mitigation of possible damages/complaints. The theme requires attention and action from companies,” concludes Eduardo Damião.