Bruno Telles, COO of BugHunt and security expert, provides tips for companies to deal with the main cyberthreats predicted for the second half of the year.
The war between Russia and Ukraine has been happening through military action and missile fire, but it also takes place through another means: cyber. The Ukrainian government has reported that it has suffered several Russian-sourced attacks on its technological infrastructure, and according to the Fitch agency, the conflict has also raised the risks of global cyberattacks directed at targets that are not necessarily on the front lines of the war.
In other words, companies worldwide, including Brazil, need to pay attention to preventing cybercrimes in all their processes.
That is why it is essential for security in the sector to be democratized, uniting organizations and experts. With the most likely cybercrimes in mind, BugHunt, the first Brazilian Bug Bounty platform, has listed the main cybersecurity trends for the coming months. The objective is to raise awareness among both companies and users.
Cybersecurity is already a priority for many Brazilian corporations due to the exponential growth of cyberattacks in recent years, which showed the need for risk management. In this regard, Bug Bounty, a rewards program for identifying flaws, is an effective solution to fight cybercriminals because it directs hackers to work in favor of those who use it.
Bruno Telles, COO, BugHunt, said: “Hackers registered in the program identify bugs in systems, applications, websites and physical devices, such as totems and card machines. The focus is to identify flaws that may cause risks to companies, such as data leakage that impacts the Brazilian General Data Protection Law (LGPD, in Portuguese), invasion, ransomware attacks or other vulnerabilities.
“The company that hired the service then evaluates the submitted vulnerability reports and, if approved, the researcher receives his reward.”
For the COO, the increase in attacks will continue to put cybersecurity in the spotlight and become a concern for organizations.
“This should increase the demand for cyber insurance and new solutions for identifying and managing risks, such as the bug bounty itself,” said Telles.
Compliance with LGPD
Some companies still see information security and data privacy as an expense, not understanding that these factors can help maintain a more solid operation, providing the basis for the organized growth of processes and, consequently, revenue.
However, the main cybersecurity issues faced by organizations in 2021 were precisely information leakage and ransomware attacks, which sparked a red flag for many of these groups.
To avoid further financial, image and reputation losses, adapting to the LGPD in Brazil must be one of the goals for corporations in 2022.
“Cybercrime has been evolving and has gained speed during the pandemic. Criminals use technical vulnerabilities to attack systems and infrastructure to achieve their goals, being information theft or even ransomware deployment,” explained Telles.
“In addition, they use human vulnerabilities aiming to trick users into taking previously foreseen actions and may also compromise the security controls implemented in a company. With full compliance with the LGPD, the company is one step ahead of cybercrime.”
Basic security actions
In the same way that compliance with LGPD is one of the ways to ensure cybersecurity, there are initial actions that are fundamental to face the problem before thinking about more complex issues. In this regard, the consequences observed in 2021 with these crimes should move users and professionals who were not aware of these dangers until then.
“That is why companies need to hire cloud infrastructure, invest in massive employee awareness and apply controls at all stages of processes and projects,” said Telles.
“Organizations should also consider implementing processes to identify vulnerabilities and risks to systems, information and the operation itself, such as implementing Bug Bounty programs.”
Artificial Intelligence (AI)
In addition to attacks, cybercriminals are using more complex strategies to commit crimes. One of them is AI, for example in the form of deepfakes, a technique for synthesizing human images or sounds.
“With the adoption and development of AI, cybercrime will also take advantage of it, with attempts to fake facial recognition, apply scams involving CEOs’ voices and request financial transfers. Therefore, developing this technology is also making a barrier against cyberattacks,” said Telles.
For Telles, the security maturity of companies must constantly evolve through the awareness of new executives, who understand the need for and importance of implementing processes related to the topic, or through the implementation of the LGPD, which requires several necessary actions to ensure the protection of personal data managed by corporations.
“However, we still come across companies that see information security as an expense, not understanding that it helps keep the business more solid, providing the basis for organized growth and, consequently, its revenue,” concluded Telles.
BugHunt is the first Brazilian Bug Bounty platform, a bug bounty program that unites companies committed to the information security and privacy of their users and customers with industry researchers. Focusing on innovation for the recognition and resolution of bugs and vulnerabilities, it aims to democratize access to data security.
Through public and private programs, BugHunt manages the definition of scope and reward, the choice of experts, the evaluation of reports, and the verification and correction of flaws in the evaluated services.