International Data Privacy Day: Why Is This Date Important?

On January 28, we celebrate the International Day for the Protection of Personal Data, also known as Data Privacy Day. This date invites us to reflect on the importance of laws that safeguard the proper processing of private information in many different countries.

Data Privacy Day started as an educational initiative of the Council of Europe, which first celebrated the date in 2007; two years later, in 2009, the United States followed.

The purpose of Data Privacy Day is to make people aware of best practices for protecting their personal data in the online environment, especially on social media.

Nowadays, the day is celebrated in 47 member states of the European Union, the United States, and countries such as Canada, Israel, and Brazil.

We prepared this article to address topics related to Data Privacy Day. To facilitate your understanding, we divided our text into the following topics:

  • Data Protection Day: Background
  • How Data Protection Laws Work
  • About GDPR
  • LGPD: Brazilian Data Protection Law
  • How to Protect Personal Data
  • About senhasegura
  • Conclusion

Enjoy the read!

Data Protection Day: Background

In April 2006, the Council of Europe chose January 28 to celebrate Data Protection Day. The date was stipulated in reference to Convention 108, established on January 28, 1981, which addresses the automated processing of personal data.

This document was signed by all member states of the Council at the time to guarantee the fundamental right to privacy, including good data processing practices.

Currently, it is celebrated to make people aware of its importance, taking into account that, every day, organizations collect and process more information, which needs to be monitored so that the rights of data subjects are not put at risk.

How Data Protection Laws Work

Data protection laws establish personal information protection policies, determining how corporations should treat the data of their customers, employees, and business partners.
In practice, it is necessary for individuals, companies, and governmental organizations to apply certain rules related to how they handle this information, such as collection, processing, and storage, to ensure compliance with current legislation.
Moreover, companies wishing to conduct business with another country must respect the data protection laws present in both nations.

About GDPR

European standards regulating the use of personal information in electronic environments are contained in the General Data Protection Regulation (GDPR), which requires the responsible use of personal information.

Its widespread adoption is still recent, so not all countries in Europe have adhered to the GDPR.
On the other hand, countries that conduct commercial transactions with European nations should pay attention to the requirements of the Regulation, which addresses criteria such as the consent of data subjects, notification of data breaches to the authorities, and users’ rights, including:

  • Being notified about the collection and use of their personal information;
  • Requesting a copy and details on how the collection is performed, what data is being collected, and who has access to it;
  • Requiring rectification of incomplete or incorrect data;
  • Demanding that their data be deleted within 30 days;
  • Restricting the processing of their personal information;
  • Having their personal data transferred securely;
  • Opposing the way data is used (except for information used by legal authorities).


LGPD: Brazilian Data Protection Law

The General Data Protection Law (LGPD) is Brazilian legislation that has the function of protecting the personal information of citizens living in Brazil. It details what personal data is and what information should be prioritized when protecting it.
According to the LGPD, even companies based outside the country must respect the rules established by the legislation.

How to Protect Personal Data

It is possible to have control over your data through good practices that reinforce its security.
Here are some of them:

  • Keep your devices’ software up-to-date to prevent threats that could damage your devices and compromise your personal data;
  • Verify that web pages are reliable before entering your data, making sure that addresses start with http:// or https:// and that the lock icon or security certificate is present;
  • Avoid exposing personal information on social media such as Facebook, LinkedIn, Instagram, and TikTok, and configure the privacy settings of your posts;
  • Review your accounts to see what data is being shared and, if necessary, disable sharing options;
  • Do not enter sensitive data on public Wi-Fi networks;
  • Use strong passwords. For this, you can combine uppercase, lowercase, numbers, and special characters. It is also important to avoid obvious things like names, phone numbers, and dates of birth.

About senhasegura

We, from senhasegura, are part of MT4 Tecnologia, a group of companies focusing on information security, founded in 2001 and operating in more than 50 countries.

Our commitment is to provide digital sovereignty and security to our clients, grant control over privileged actions and information, and prevent data breaches and leaks.

For this, we follow the lifecycle of privileged access management through machine automation, before, during, and after accesses. In short, our initiatives aim to:

  • Avoid interruption of companies’ activities, which may impair their performance and profitability;
  • Provide advanced PAM solutions;
  • Automatically audit privileged changes in order to identify privilege abuses;
  • Automatically audit the use of privileges;
  • Reduce cyber threats; and
  • Bring organizations into compliance with audit criteria and standards such as HIPAA, PCI DSS, ISO 27001, and Sarbanes-Oxley.

Conclusion

In this article, we have shown the importance of Data Protection Day and laws related to the preservation of personal information, in addition to some measures that can be adopted to protect sensitive data.
Was our content relevant to you? Then share it with someone also interested in the topic.

 

senhasegura is the only solution to get 100% recommendation in the 2022 Voice of the Customer

Written by Priscilla Silva

São Paulo, January 20, 2023 – Based on end-user reviews, senhasegura is listed in the recently published December 2022 version of the Gartner Peer Insights “Voice of the Customer” report for Privileged Access Management (PAM) as the only solution to achieve the highest recommendation rate among the 16 global vendors ranked in the document, scoring 5 out of 5 for the time frame of the analysis, which starts in April 2021 and ends in October 2022.

Highlights include the “Product Capabilities” and “Support Experience” categories, each scoring 4.9 out of 5. Completing the list of rated categories are “Sales Experience” and “Deployment Experience”, equally scoring 4.8 out of 5, which leads senhasegura to the top result in all 4 categories compared to the other solutions.

The report also announces senhasegura as a “Strong Performer” vendor, exceeding the market average in Overall Experience. For Rogério Godoy, CMO at senhasegura, the commitment of the support departments to the users ensures that the solution holds a prominent place in the PAM market.

He says, “Previous reports from Gartner and other technology research firms have already made it clear that our service is a skill, a uniqueness. The successful execution of a product is the very least expected by consumers who make high investments in cybersecurity, and for us it is imperative that the needs and expectations of our customers are part of every stage of building what we offer.” And he adds: “From marketing, to sales, up to our platforms, it’s important for us to practice the idea of ‘otherness’, i.e., do we stop to think about what our clients’ preferences are, what they need, and whether we are matching them? When the ‘Voice of the Customer’ results come in, we understand that we’re having a good dialog with our customers.”

What is Gartner Peer Insights?

According to the official description released in the report, “Gartner Peer Insights is a free peer review and ratings platform designed for enterprise software and services decision makers. Reviews go through a strict validation and moderation process in an effort to ensure they are authentic.” In addition to individual comments, the document is complementary to Gartner’s expert research and can play a key role in purchasing processes.

As standard Gartner methodology points out, only PAM solution vendors that obtain 20 or more published and eligible reviews according to the authenticity criteria, and 15 or more reviews that rate the Product’s Capability and Support Service during the 18-month timeframe are included in the report. Vendor partners and end users of companies with revenues of less than $50 million are excluded from the reviews. Learn more at the Gartner Peer Insights portal.


About senhasegura

senhasegura is committed to helping companies become more secure and resilient by stopping privilege abuse from inside and outside the organization. senhasegura’s award-winning 360º Privilege Platform addresses the entire privileged access management lifecycle, including before, during, and after access, and plays a critical role in implementing a robust zero trust architecture. Headquartered in Brazil, senhasegura is a global leader with customers in over 55 countries throughout Latin America, North America, Asia-Pacific, Europe, the Middle East, and Africa. The Company’s PAM solution is distributed through an international network of more than 150 value-added, trusted channel partners. For more information, follow us on LinkedIn, Twitter, Instagram and Facebook.

What is An Incident Response Plan (IRP) and Why is It Important to Have One?

With the evolution of technology and the revolution of the information age, concern with data security has become an increasingly constant issue for companies, governments, and users. Since data are fundamental assets for the growth of companies, investing in their protection is an essential part of organizations’ routines.

As cyber threats and crimes increase, efforts need to be stepped up, putting effective security measures in place. Therefore, there is a need to have a team specialized in data protection within a company, regardless of the industry, that constantly works to secure the information, relying on an Incident Response Plan (IRP).
This way, the team can anticipate threats and develop the best actions to combat them immediately, without harming the company’s business.

For that, one needs to ensure this response plan works correctly, following the fundamental steps, and is well managed.

In this article, we explain what an incident response plan is, its benefits, and the important aspects of putting one together. Our text is divided into the following topics:

  • What is an Incident Response Plan (IRP)?
  • Why Is Incident Response Important?
  • Understand the Six Steps of An IRP
  • Most Common Cybersecurity Incidents
  • Important Aspects of Putting an IRP Together
  • Who Is the Team Responsible for the IRP?
  • What Is the Relationship Between An Incident Response Plan and A Disaster Recovery Plan?
  • What Is the Relationship Between An Incident Response Plan and A Business Continuity Plan?
  • About senhasegura
  • Conclusion

Enjoy the read!

What is an Incident Response Plan (IRP)?

The IRP is a formal document that contains a set of tools and procedures that must be adopted by the IT team to deal with company security problems. The purpose of these measures is to work on the prevention, identification, elimination, and recovery of cyber threats.

Moreover, they ensure that actions are taken as soon as possible, minimizing any damage to the business, which may include data loss, financial damage, and loss of trust by customers, suppliers, partners, and employees.

Now you know what an incident response plan is. Keep reading our article and understand why an incident response is important.

Why Is Incident Response Important?

A company that has an IRP is better prepared to deal with a variety of situations related to the security of its information. The best practices in the plan help the company to assertively anticipate and combat various threats.

By adopting these practices, the company ensures greater security of its information, avoids paying penalties and data recovery costs, and avoids financial losses. Here are other factors that show why incident response is important.

Greater Data Security

The implementation of protection, backup, patching, and access management systems, as well as the correct management of information, enables faster actions to protect systems and contain incidents.

Cost Reduction

The costs of fighting incidents can be high due to regulatory sanctions, customer compensation, or the overall costs of investigating and restoring systems.

An IRP helps to reduce these costs because it works constantly to prevent problems. Losses are also minimized: besides lowering costs, it reduces system downtime, which limits data loss.

It Maintains and Enhances the Company’s Reputation

Without the implementation of an IRP, controlling and combating threats becomes more difficult, which can lead to losses. This is because incidents do not only affect the technical aspects of the company but are directly related to business continuity.

Constant violations of an organization’s data diminish its credibility. Furthermore, it may lose investors and shareholders who stop believing in a flawed and easily breached business.

On the other hand, quick and effective responses to incidents demonstrate the company’s greater commitment to data security and privacy, which increases its credibility and reputation.

Understand the Six Steps of An IRP

To be successful in an IRP, one needs to follow some fundamental steps that are well-managed. The standard plan with these steps is based on the Incident Handler’s Handbook published by the SANS Institute.
It is a document with six steps to be followed when building the plan. These are:

1. Preparation

The first step in implementing the plan is defining a specific team to work with the incidents. The team will be responsible for creating the incident documentation, containing the protocols to be followed in the execution of the plan’s actions.

It is necessary to train the personnel assigned to deal with these situations following the company’s security policies. This helps to understand exactly the risks to which the company is exposed and the preventive measures to be taken in different situations.

An important action is to run incident response simulations periodically in order to verify the effectiveness of the plan and improve it where needed.

2. Identification

The responsible team must work to detect deviations from operations, seeking to identify incidents and define their severity.

In this detection, the type and severity of the problem are documented, as well as all the procedures that are being carried out in this regard. The formalization of this incident must answer the questions:

  • Who?
  • What?
  • Where?
  • Why?
  • How?

3. Containment

After identifying an incident, the team’s next step is to work on containment, to avoid future damage of the same nature. This containment is divided into short-term and long-term procedures.

The short-term containment works on the immediate solution of the problem, trying to prevent possible damage from the attack, while the long-term one refers to more complex actions, which involve the restoration of the entire corporate system, aiming at its return to normality.

In addition to the short- and long-term strategies, it is important to rely on redundant backups of your files so as not to lose data your company needs.

4. Eradication

Once the problem is contained, eradication actions are initiated. At this step, the focus is on the complete removal of the vulnerability and the necessary measures to avoid a recurrence of the problem.

These actions can involve changing authentication mechanisms, such as passwords and access permissions, or even restoring all affected systems in the company. The incident level and the most appropriate action are defined using metric indicators, or KPIs.

5. Recovery

In this step, the team works to verify and correct threats that may have gone unnoticed in the previous step, that is, the remnants of the incident. Scanning the systems and moving backups to cloud systems can be among the necessary measures in this process.

Also, the team assesses the performance of the previous step by analyzing the response time, the damage caused and the performance of tasks, so that new directions to be followed are defined.

6. Lessons Learned

For the team to be prepared for future problems and to reduce any errors, it needs to record the entire containment process performed, including the incidents and the procedures to combat them.

It is a very important step as it documents the entire process and provides a history of occurrences to aid future actions. It is also at this step that mistakes and successes are evaluated, which hindered or enhanced the development of actions.

Most Common Cybersecurity Incidents

There are many types of common security incidents, considered more or less critical, depending on the organizational decision and the company profile. Check some of them:

Data Breaches

A data breach occurs when the company faces a security incident related to the information that is under its responsibility, compromising the confidentiality, availability, or integrity of such data.

When this occurs, it is necessary to notify the control authorities as soon as possible, as well as the people affected, in addition to applying the appropriate technical measures.

Data Leaks

Data leaks are a cybercrime planned and executed by hackers, who access and expose sensitive data of individuals and organizations without authorization.

In practice, the malicious attacker breaks into a database and sells the information found on the deep web or uses it to threaten their victims.

Ransomware and Other Malware

Through ransomware, malicious agents hijack data stored on their victims’ devices so that they no longer have access to that information. In this way, they charge an amount for the ransom, usually using cryptocurrencies.

With this mode of operation, cybercriminals are hard to trace, and the user will only regain access to their data if they pay the required amount.

Corporate Espionage

Corporate espionage is performed in companies and industries to gain access to sensitive data, such as industrial secrets, strategic plans, bank information, or information about the organization’s customers, ensuring competitive advantages.

OPSEC Failures

OPSEC is a security management process that enables an IT team to view information and systems from the perspective of potential attackers in order to classify information and protect it.

Nevertheless, for this protection strategy to be effective, it is necessary to implement certain practices, such as granting access with the fewest privileges necessary.

Email Spoofing

Malicious users can tamper with emails and disguise themselves as legitimate senders to apply phishing attacks.

To do this, they often change message header information or include typos in the domain, but they can also present themselves as a legitimate domain or a random address, without reference to the domain.

Domain Hijacking

Another form of hacker action is domain hijacking, which consists of taking control of a company’s domain by falsifying the transfer authorization. To prevent this problem, it is advisable to keep your company’s domain locked at the registrar.

Man-In-The-Middle Attacks

In this type of attack, hackers position themselves between the victim and a real institution, intercepting the messages and posing as the entity later.

Social Engineering Such As Phishing and Spear Phishing

Social engineering is a technique used by hackers who manipulate their victims to gain access to sensitive data.

In the case of phishing, the user is led to believe that they are in contact with a legitimate institution. Spear phishing, on the other hand, is a version aimed at professionals who work in a company and receive requests from criminals impersonating someone in the organization.

Exploits of Vulnerabilities Listed in the CVE

Common Vulnerabilities and Exposures (CVE) is a joint initiative of several technology and security companies that lists the main vulnerabilities and risks faced in the online environment.

In practice, CVE was born as a kind of guide that aims to help control the digital security of a company.

Exploits are programs or codes designed to take advantage of these vulnerabilities listed in Common Vulnerabilities and Exposures, as well as other cyber risks.

Typosquatting

In typosquatting, malicious attackers register domains whose names are misspellings of well-known websites’ names, to induce users to disclose personal data, such as their credit card details.
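The header tampering and lookalike domains described under Email Spoofing and Typosquatting can be screened for on the receiving side. The block below is an added example, not code from the original article or from senhasegura; its trusted domains, homoglyph table, distance thresholds and sample messages are constructed assumptions.

```python
"""Defender-side checks for lookalike sender domains and tampered mail headers.

Constructed example: the trusted domains, homoglyph table, distance thresholds
and sample messages below are assumptions made for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

# Domains the organization trusts (assumed values for this example).
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}
# Brand words that a forged display name may reuse ("Example Support <...>").
BRAND_NAMES = {t.partition(".")[0] for t in TRUSTED_DOMAINS}

# Character swaps commonly used to imitate a trusted name (multi-char keys first).
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def registrable(domain: str) -> str:
    """Keep the last two labels ("mail.example.com" -> "example.com").
    Simplification: a real deployment would consult the public-suffix list."""
    parts = domain.strip().lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else parts[0]


def normalize(domain: str) -> str:
    """Undo homoglyph substitutions so 'exarnple' and 'examp1e' read 'example'."""
    for bad, good in HOMOGLYPHS.items():
        domain = domain.replace(bad, good)
    return domain


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str):
    """Return (verdict, trusted_match): 'trusted', 'lookalike' or 'unrelated'."""
    raw = registrable(domain)
    if raw in TRUSTED_DOMAINS:
        return "trusted", raw
    norm = normalize(raw)
    name = norm.partition(".")[0]
    for trusted in sorted(TRUSTED_DOMAINS):
        tname = normalize(trusted).partition(".")[0]
        limit = 1 if len(tname) <= 6 else 2  # assumed threshold per name length
        if (norm == normalize(trusted)                # pure homoglyph swap
                or levenshtein(name, tname) <= limit  # small typo
                or (tname in name and len(name) > len(tname))):  # brand + suffix
            return "lookalike", trusted
    return "unrelated", None


def check_message(raw_message: str) -> dict:
    """Flag a lookalike From domain, a trusted brand name on an unrelated address,
    or a Return-Path that does not match From (an indicator, not proof, of spoofing)."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2]
    rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    verdict, matched = classify_domain(from_domain)
    findings = []
    if verdict == "lookalike":
        findings.append(f"From domain {from_domain!r} imitates trusted {matched!r}")
    elif verdict == "unrelated" and any(b in display.lower() for b in BRAND_NAMES):
        findings.append(f"display name {display!r} reuses a trusted brand on {from_domain!r}")
    if rp_domain and registrable(rp_domain) != registrable(from_domain):
        findings.append(f"Return-Path domain {rp_domain!r} differs from From domain {from_domain!r}")
    return {"from_domain": from_domain, "verdict": verdict, "findings": findings}


# Constructed sample messages (not real traffic).
SAMPLES = {
    "legit": "From: Alice <alice@example.com>\nReturn-Path: <alice@example.com>\n\nhi\n",
    "homoglyph": "From: IT Support <helpdesk@exarnple.com>\nReturn-Path: <helpdesk@exarnple.com>\n\nreset\n",
    "display_name": "From: Example Support <support@mailer-random.net>\nReturn-Path: <support@mailer-random.net>\n\nverify\n",
    "rp_mismatch": "From: Bob <bob@example.com>\nReturn-Path: <bob@bulk-sender.net>\n\ninvoice\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_message(raw))
```

Return-Path and From legitimately differ for mailing lists and bulk senders, so treat that finding as a signal to combine with SPF, DKIM and DMARC results rather than as a verdict on its own.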

Denial-of-Service (DoS)

In denial-of-service (DoS) attacks, hackers seek to overload a web property with traffic, disrupting the normal functioning of a computer or other device.

All incidents in the above list are very common and require security measures provided for in an incident response plan. Also, it is essential to keep in mind that small occurrences can generate attack vectors, so they must be monitored in real-time.

Another concern the security team should have is related to third-party suppliers, which may pose a risk to the company, as they might access confidential data.

In this sense, the recommendation is that your company has a supplier management policy, which makes it possible to evaluate their level of digital security and manage third-party risks. You can also hire suppliers with SOC 2 and ISO 27001 certifications and ask to see their information security policy.


Important Aspects of Putting an IRP Together

Following the IRP steps is critical to your success. However, the company needs to be aware it is not a fixed process and that it must be adapted to the organization’s structure.

Hence the importance of periodic assessments to constantly evaluate the plan, eliminate gaps, and adopt the necessary improvements.

To implement the plan, it is not necessary to have a large team of employees, but it is essential that everyone is properly qualified, trained, and has good tools to ensure the best possible results in carrying out the activities.

It is also necessary that other sectors undergo training so that they become aware of the company’s security policies and know how to proceed in the face of incidents and how to report them to the responsible team.

Who Is the Team Responsible for the IRP?

As we have already suggested, companies must hire qualified teams to deal with cyber incidents. This group can count on the following professionals:

Incident Response Manager

This professional is responsible for overseeing the response plan during the identification, containment, and recovery of an incident. Moreover, they may be responsible for reporting serious incidents to other company professionals.

Security Analysts

Their job is to work on the resources affected during a cyber incident, in addition to deploying and maintaining technical and operational controls.

Threat Seekers

This function, usually outsourced by companies, provides threat intelligence and can use specific solutions and the Internet to understand threats. It is therefore possible to rely on tools that allow automatic monitoring of data leaks, of the security policies of suppliers and third parties, and of leaked credentials.

It is worth mentioning that, for the security team to have an effective performance, it must count on the support of leaders and other departments of the organization.

After all, leaders are the ones who enable the necessary investments in the security area and the legal body has the function of clarifying legal issues related to data leaks and breaches.

The human resources sector can help remove employee credentials in the event of insider threats, while the public relations sector ensures the accuracy of messages sent to the media, customers, etc.

What Is the Relationship Between An Incident Response Plan and A Disaster Recovery Plan?

A disaster recovery plan is a document that provides for measures to be taken by companies in cases of incidents such as cyberattacks, power outages, and natural disasters.

This set of strategies minimizes the damage caused by the incident and prevents the company from remaining inoperative due to the disaster.

The incident response plan has the function of identifying a security event and putting an end to it. Therefore, the disaster recovery plan and the incident response plan should complement each other.

What Is the Relationship Between An Incident Response Plan and A Business Continuity Plan?

Another document associated with the incident response plan is the business continuity plan. Their functions are similar: to mitigate the impacts of incidents and keep the business operating, but they present some differences.

The incident response plan, as a rule, ensures more visibility and focuses on security events that directly affect data and network integrity and exposure to breaches.

On the other hand, the business continuity plan addresses different threats faced by the organization, whether related to employees, assets, or natural disasters.

About senhasegura

senhasegura is part of MT4 Tecnologia, a group of companies focused on information security, founded in 2001 and operating in more than 50 countries.

Its main objective is to ensure digital sovereignty and security for its clients, granting control over privileged actions and data and avoiding theft and leaks of information.

For this, it follows the lifecycle of privileged access management through machine automation, before, during, and after accesses. senhasegura also seeks to:

  • Avoid interruptions in the activities of companies, which may impair their performance;
  • Automatically audit the use of privileges;
  • Automatically audit privileged changes in order to identify privilege abuses;
  • Provide advanced PAM solutions;
  • Reduce cyber risks;
  • Bring organizations into compliance with audit criteria and standards such as HIPAA, PCI DSS, ISO 27001, and Sarbanes-Oxley.

Conclusion

In this article, you saw that:

  • An IRP is a document that contains a set of tools and procedures that the IT team must adopt to deal with security issues;
  • A company that has an IRP is better prepared to deal with a variety of situations related to the security of its information;
  • Other factors that show why an incident response is important are: greater data security, cost reduction, and improvement of the company’s reputation;
  • Knowing what an incident response plan is involves understanding its six steps. These are: preparation, identification, containment, eradication, recovery, and lessons learned;
  • There are many types of common security incidents, considered more or less critical, depending on the organizational decision and the company profile;
  • They all require security measures provided for in an incident response plan;
  • For the implementation of the plan, it is necessary to have qualified and trained professionals who have good tools;
  • These professionals can take on the following roles: incident response manager, security analyst, and threat hunter;
  • The disaster recovery plan and the incident response plan should complement each other;
  • The business continuity plan presents functions similar to the incident response plan.

Did you like our article on what an incident response plan is? Share it with someone else who may be interested in the topic.


The Highlights of the IBM Cost of a Data Breach 2022 report

Companies of all sizes and industries should be concerned about the impacts of a data breach, since, according to the IBM Cost of a Data Breach 2022 report, its average cost is $4.35 million, and 83% of companies had more than one breach.

With this in mind, we prepared an article exploring the main information collected by this document. To facilitate your reading, we divided our text into topics. These are:

  • What Is the IBM Cost of a Data Breach Report?
  • IBM Cost of a Data Breach 2022 report: What’s New
  • Main Data Collected in the IBM Cost of a Data Breach 2022 Report
  • Topics with Detailed Results
  • Suggested Security Recommendations in the Report
  • About senhasegura

Enjoy the read!

What Is the IBM Cost of a Data Breach Report?

The IBM Cost of a Data Breach report is an annual survey of data breaches, which provides insights into hundreds of breaches so that the public can understand current cyber threats.
With nearly 20 editions, this document provides IT professionals with tools to deal with security risks, showing which factors can favor or help prevent cyberattacks.

IBM Cost of a Data Breach 2022 report: What’s New

For its latest edition, the IBM Cost of a Data Breach report conducted more than 3,600 interviews with professionals from 550 companies that suffered breaches between March 2021 and March 2022.
The questions asked during the interviews aimed to evaluate the short- and long-term costs organizations incur in responding to data breaches.

What's more, the report assessed the causes and consequences of breaches in 17 industries across different countries and regions, and addressed the impact of certain factors and technologies in reducing losses.

Here are some new things from the IBM Cost of a Data Breach report:

  • The 2022 edition brought analyses related to extended detection and response (XDR), the use of risk quantification techniques, and the impact of individual technologies within zero-trust security architectures;
  • It analyzed what contributes to higher data breach costs, including the effects of supply chain compromises and the security skills gap;
  • It examined areas of cloud security vulnerability and attacks on critical infrastructure;
  • It assessed, in greater depth than in previous years, the impact of ransomware and destructive attacks; and
  • It studied the phenomenon of remote work, which many companies adopted due to the COVID-19 pandemic.

    Main Data Collected in the IBM Cost of a Data Breach 2022 Report

    Check the key findings from the IBM Cost of a Data Breach 2022 report:

    • The average cost of a data breach was $4.35 million in 2022, an increase of 2.6% over the previous year, when the average cost was $4.24 million;
    • 83% of the companies studied suffered more than one data breach and only 17% said this was their first breach;
    • 60% of organizations had to increase the price of their services or products because of a data breach;
    • The average cost of a data breach for the critical infrastructure organizations surveyed was $4.82 million, $1 million more than the cost for companies from other segments;
    • 28% of critical infrastructure organizations have suffered a destructive or ransomware attack, and 17% were breached because of a compromised business partner;
    • Breaches at companies with security AI and automation deployed cost $3.05 million less than breaches at organizations that do not invest in these resources;
    • The average cost of a ransomware attack fell from $4.62 million in 2021 to $4.54 million in 2022;
    • Stolen or compromised credentials remain a leading cause of data breaches, accounting for 19% of breaches in the 2022 study;
    • Breaches involving stolen credentials are the ones that take the longest to detect: on average, 327 days to identify and contain;
    • Only 41% of the organizations in the study have deployed a zero-trust security architecture;
    • Breaches in which remote work was a factor cost, on average, about $600,000 more than the global average;
    • 45% of the breaches in the study occurred in the cloud;
    • The average cost of a healthcare breach increased by almost $1 million, reaching $10.10 million;
    • The top five countries and regions with the highest average cost of a data breach were the United States, the Middle East, Canada, the United Kingdom, and Germany.


    Topics with Detailed Results

    The IBM Cost of a Data Breach 2022 report analyzes 16 topics. These are:

    • Global Highlights;
    • Data Breach Lifecycle;
    • Initial Attack Vectors;
    • Key Cost Factors;
    • Security AI and Automation;
    • XDR Technologies;
    • Incident Response (IR);
    • Risk Quantification;
    • Zero Trust;
    • Ransomware and Destructive Attacks;
    • Supply Chain Attacks;
    • Critical Infrastructure;
    • Cloud Breaches and Cloud Model;
    • Remote Work;
    • Skills Gap; and
    • Mega Breaches.

    The following are five of these topics in detail:

    Data Breach Lifecycle

    The lifecycle of a data breach is the time elapsed between the moment the breach occurs and its containment: the time to identify the breach plus the time to contain it.

    According to the IBM Cost of a Data Breach 2022 report, the average time to identify and contain a data breach is currently 277 days. In 2017, the average was 287 days, about 3.5% longer.

    In 2021, it took an average of 212 days to identify a breach and 75 days to contain it. In 2022, it took 207 days to identify the breach and 70 days to contain it.

    The report has also shown that the less time an organization takes to identify and contain a data breach, the smaller its financial impact.

    However, the cost difference between a lifecycle of more than 200 days and one of less than 200 days was smaller in 2022 than in 2021: in 2021, the difference was $1.26 million, the largest in seven years, and in 2022, it was $1.12 million.

    Incident Response

    Having an incident response team reduces the average cost of a data breach. According to the IBM Cost of a Data Breach 2022 report, 73% of the companies that participated in the survey claimed to have an incident response plan.

    The report also pointed out that the average cost of a breach at these companies in 2022 was $3.26 million versus $5.92 million spent by companies without incident response resources, a difference of $2.66 million. In the previous year, this difference was $2.46 million, and in 2020, $1.77 million.

    Zero Trust

    The implementation of a zero-trust security architecture was performed by 41% of the companies that participated in the IBM Cost of a Data Breach 2022 report. In 2021, this number was lower: 35%.

    The study also revealed that companies that deployed zero trust saved almost $1 million on data breaches compared with those that did not invest in this approach.

    This is because the average cost of a breach was $4.15 million in organizations with zero trust deployed and $5.10 million in companies that did not use the same approach.

    For organizations at a mature stage of zero trust implementation, the savings are even greater, exceeding $1.5 million. Companies with early-stage zero trust practices spent an average of $4.96 million on data breaches, while for those with consolidated practices the average cost was $3.45 million.

    Cloud Violations and Cloud Model

    The Covid-19 pandemic has accelerated the mass adoption of remote work by organizations and, consequently, the use of technologies such as cloud computing, impacting cybersecurity.

    The IBM Cost of a Data Breach 2022 report brings interesting data on the subject, which was analyzed for the second year: according to the document, 45% of breaches occurred in the cloud. Moreover, the cost of breaches in private clouds was significantly higher than in hybrid clouds.

    Another revealing fact is that 43% of companies claimed they were still in the early stages of their practices for protecting cloud environments, showing that, in general, organizations still need to evolve a lot.

    The most worrying fact, however, is that 17% of companies had yet to take any action to protect their cloud environments.

    Remote Work

    Since the beginning of the pandemic, the IBM Cost of a Data Breach report analyzes the impacts of remote work on data breaches. In its 2022 edition, the survey has shown data breach costs were higher for companies that have more employees working remotely.

    In practice, companies that have between 81% and 100% of employees working outside the corporate environment had an average cost of $5.10 million. Companies with less than 20% of their team working remotely had to bear an average cost of $3.99 million, a difference of $1.11 million (24.4%).

    In addition, the average cost of a data breach was $4.99 million for companies that had remote work as the cause of the breach, while this loss was $4.02 million when remote work was not the cause.

    Suggested Security Recommendations in the Report

    The IBM Cost of a Data Breach 2022 report also contains important security recommendations on its pages, which can help prevent problems with data breaches. Check them out:

    Adopting a Zero Trust Security Model

    According to the results of the study, organizations that implemented a zero-trust approach at a mature stage saved $1.5 million per breach. Adopting this security model is therefore a practical way to reduce the financial impact of a data breach.

    Protecting Cloud Environments with Policies and Encryption

    Companies with mature cloud security practices saved $720,000 compared with those still at an early stage. The report therefore recommends investing in security policies and data encryption, and mentions homomorphic encryption among the technologies to consider, to reduce the impact of data breaches.

    Using Incident Response Playbooks

    Another highly recommended practice is to create and regularly test incident response playbooks: companies with an IR team that regularly tests its plan saved $2.66 million per breach compared with those that have neither an IR team nor a tested plan.

    Improving Incident Detection and Response Times

    Alongside security AI and automation, Extended Detection and Response (XDR) capabilities contribute to reducing both the average cost of a data breach and its lifecycle. The study pointed out that companies with XDR deployed shortened the breach lifecycle by 29 days, on average, compared with organizations that did not implement XDR, saving about $400,000.

    Monitoring Endpoints and Remote Employees

    Finally, the IBM Cost of a Data Breach 2022 report reinforces the need to monitor endpoints and remote workers, showing that breaches in which remote work was a factor cost almost $1 million more than breaches in which it was not.

    About senhasegura

    We, from senhasegura, are a company specializing in cybersecurity. Our mission is to provide our clients with sovereignty over their privileged actions and information.
    To do this, we offer our PAM solution, which helps companies address the threats presented in the IBM Cost of a Data Breach 2022 report, especially those involving stolen or compromised credentials.


    Cyberwarfare: Why Should Everyone Be Worried?

    The cyberwarfare subject has come to light recently due to the attacks that preceded the conflict between Russia and Ukraine. However, this concept is not new and Ukraine is not the first country to suffer politically motivated cyberattacks.

    Despite this, the definition of which actions count as cyberwarfare still generates controversy among experts, and many people confuse it with cyberterrorism, as we will explain in the next topics.

    What we do know is that its damage exceeds that of an ordinary cyberattack and that it involves specific, political motivations.

    In this article, we will address the concept of cyberwarfare, pointing out its objectives and how it can impact the lives of the population. We also bring numerous important statistics on the subject. To facilitate your understanding, we divided our text into the following topics: 

    • What Is Cyberwarfare?
    • What Are the Main Goals of Cyberwarfare?
    • How Did It Emerge?
    • How Does Cyberwarfare Happen?
    • Most Common Types of Attacks in Cyberwarfare
    • Government-Associated Hack Gangs
    • Sectors Attacked in Cyberwarfare 
    • Cyberwarfare Facts & Data
    • Stuxnet: The Most Famous Event Linked to Cyberwarfare
    • Is Cyberterrorism Synonymous with Cyberwarfare?
    • Cybercrime, Cyberespionage, or Cyberwarfare?
    • Cyberattack and Cyberdefense
    • Cybersecurity as a Priority for Anatel (Brazil)
    • Biden Executive Order
    • Russia and Ukraine: Prospects for New Cyberattacks
    • About senhasegura
    • Conclusion

    Enjoy the read!

    What Is Cyberwarfare?

    Cyberwarfare consists of one or several cyberattacks that have targeted a country, which can impact its government and civil infrastructure and harm the state, even putting lives at risk.

    Experts have not yet reached a consensus on how to define which procedures relate to this concept. 

    The U.S. Department of Defense (DoD) treats cyberwarfare as malicious activity in cyberspace that can threaten national security, without going into further detail on the definition. Some interpret cyberwarfare more narrowly, as an action that can cause death.

    In cyberwarfare, one country attacks another, although the attack is often carried out by non-state actors, including terrorist organizations.

    Recently, several cases of cyberwarfare have been reported. However, there is still no unanimity when it comes to defining when a cyberattack is actually cyberwarfare.

    What Are the Main Goals of Cyberwarfare?

    There are several reasons for cyberwarfare. Malicious agents can often be determined to seek advantages in actual confrontations. This is what happens when the military centers of the countries are targeted by the attacks, which are intended to impact their strategy and operations.

    Another goal of cyberwarfare is to impress people living in the target nation, causing problems for civilians, who may suffer from a lack of internet and energy, for example. In such cases, those who attack expect the government to be pressured by the population and do whatever is necessary to put an end to the conflict.

    Another motivation related to cyberwarfare is the sabotage of adversary industries in order to make their projects unfeasible. 

    An example occurred in Iran in 2010, when the Stuxnet worm was planted in the control systems of uranium enrichment centrifuges. The idea was to manipulate the centrifuges' drive speed and cause physical damage inside the plant.

    As the facility was not connected to the internet, the malware is believed to have been introduced on a USB drive, possibly by an insider. What's more, it was a highly complex threat, probably commissioned by a nation interested in disrupting Iran's nuclear program.

    Cyberwarfare always results from the tension between the countries involved. The current Ukrainian war is a typical example: before the Russian invasion, this country was already the target of attacks on its digital systems, which may continue to occur. 

    How Did It Emerge?

    The concern about cyberwarfare is recent. It was not long ago that people began to wonder if malicious agents could attack an entire city leaving it without electricity or making it impossible for a nation’s ATMs to work.

    Nowadays, these are not only remote hypotheses but concrete facts. Despite seeming to be an element of a dystopian narrative, cyberwarfare is real, and its consequences go beyond what is usually reported as a hacker invasion. 

    Although there are no proven cases of deaths caused by cyberattacks, a single malicious campaign has already been estimated to have caused losses of 10 billion dollars.

    In practice, companies of all sizes may have their structures compromised to damage a government.

    In addition, cyberwarfare is becoming increasingly threatening, especially with its frequent evolution in countries such as the United States, Russia, China, North Korea, and Iran. 

    How Does Cyberwarfare Happen?

    To promote cyberwarfare, hackers can damage a country by attacking strategic targets and affecting the routine of the entire population or by reducing the resources of the armed forces in order to pressure their rulers to end the conflict.

    This means they can act on the target nation's communication systems, even interfering with its media. Attacks that affect the supply of electricity are also common, causing great inconvenience to people.

    Another goal of cyberwarfare is to invade systems of rival nations by gaining access to strategic secrets and influencing their operations. 

    Because of the potential of cyberwarfare, many countries rely on intelligence services that are tasked with preventing threats. Here’s how a cyberattack occurs:

    • First, the attackers gather existing information about their target in order to define their attack front (reconnaissance).
    • Then, they find the weak link in the network, which can be done by different methods, such as cloning a website used by the victim or sending a malicious attachment by email.
    • Next, they exploit this weakness in order to gain unauthorized access.
    • Finally, they carry out the activity they want within the system.

    Most Common Types of Attacks in Cyberwarfare

    Like other cyberattacks, cyberwarfare can include a series of actions. One of them is overloading a web service with requests sent from many machines at once, a distributed denial-of-service (DDoS) attack.

    With millions of requests per second, it is possible to exhaust the server that runs the service and take it offline.

    In cyberwarfare, this type of action may have the purpose of taking government websites off the air to compromise the services and information provided to the population and cause confusion.
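As an added example (not code from the original article or from senhasegura), the Python script below shows the defender's side of the flood described above. It parses constructed Common Log Format access-log lines (hypothetical RFC 5737 addresses and assumed paths) and applies sliding-window request counting that distinguishes a flood from a single source, which a per-IP threshold catches, from a distributed flood in which no single source exceeds the per-IP limit and only the aggregate request rate reveals the attack. The window size and thresholds are assumptions that a real deployment would tune against its own traffic baseline.

```python
"""Rate-based detection of a volumetric (D)DoS pattern in web-server access logs.

Added example for this article, not code from the original page or from
senhasegura. The log lines are constructed here (hypothetical addresses and
paths), and the thresholds are assumptions that a real deployment would tune
against its own traffic baseline.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format, e.g.
# 203.0.113.7 - - [10/Mar/2022:12:00:01 +0000] "GET / HTTP/1.1" 200 512
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a CLF line, or None if it does not parse."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None
    return m.group("ip"), ts


def flag_flood(lines, window_seconds=10, per_ip_limit=50, global_limit=500):
    """Sliding-window request counting over parsed log lines.

    Returns (flagged_ips, distributed_alert):
      flagged_ips       - sources whose requests within any window exceed per_ip_limit
                          (a single-source flood)
      distributed_alert - True if total requests in any window exceed global_limit,
                          which catches a botnet flood where no single IP trips the
                          per-IP limit
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e[1])  # logs may be written out of order
    window = timedelta(seconds=window_seconds)

    per_ip = defaultdict(deque)   # ip -> timestamps inside the current window
    recent = deque()              # all timestamps inside the current window
    flagged = set()
    distributed_alert = False

    for ip, ts in events:
        cutoff = ts - window
        q = per_ip[ip]
        q.append(ts)
        while q[0] <= cutoff:     # drop requests that fell out of the window
            q.popleft()
        if len(q) > per_ip_limit:
            flagged.add(ip)

        recent.append(ts)
        while recent[0] <= cutoff:
            recent.popleft()
        if len(recent) > global_limit:
            distributed_alert = True

    return flagged, distributed_alert


# --- constructed sample traffic (hypothetical addresses from RFC 5737 ranges) ---
BASE = datetime(2022, 3, 10, 12, 0, 0, tzinfo=timezone.utc)


def _line(ip, second, path="/"):
    ts = (BASE + timedelta(seconds=second)).strftime(TS_FORMAT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


def legit_traffic():
    """One ordinary client: a request every 3 s for a minute (at most 4 per window)."""
    return [_line("198.51.100.10", t, "/news") for t in range(0, 60, 3)]


def single_source_flood():
    """One host sending 20 requests per second for 10 s (200 requests in one window)."""
    return [_line("203.0.113.7", t) for t in range(20, 30) for _ in range(20)]


def botnet_flood():
    """100 hosts each sending 3 requests per second for 10 s: 30 per host, 3000 total."""
    return [
        _line(f"192.0.2.{i}", t)
        for i in range(1, 101)
        for t in range(40, 50)
        for _ in range(3)
    ]


if __name__ == "__main__":
    flagged, dist = flag_flood(legit_traffic() + single_source_flood())
    print("single-source:", sorted(flagged), "distributed alert:", dist)
    flagged, dist = flag_flood(legit_traffic() + botnet_flood())
    print("distributed:  ", sorted(flagged), "distributed alert:", dist)
```

The two sample runs show why both counters are needed: the single flooding host is caught by the per-IP limit while the aggregate stays under the global limit, whereas in the botnet case every host stays under the per-IP limit and only the aggregate counter fires. In production the same logic would run over a live log stream and the per-IP result would feed a block list, while the aggregate alert is what justifies upstream mitigation.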

    Another common type of attack is fake news – rumors made public with the interest of causing disinformation, generating tension and distrust between people in relation to their rulers, so that they do not get popular support. 

    In cyberwarfare, hackers can still act to get sensitive information from their target, such as strategic data about the war. 

    Another very serious hacker action when it comes to cyberwarfare is the interference in the population’s infrastructure, which paralyzes services such as the distribution of electricity or the internet, in order to put the population against their government.

    In addition to these examples, hackers can interfere with drinking water distribution, security services, and the financial market.

    Government-Associated Hack Gangs

    The Russian government has taken no action against ransomware and cybercrime gangs installed in the country, and the favor has apparently been returned by the Conti gang in the current context of the Ukraine invasion.

    This group was known for attacking medical facilities and law enforcement agencies in 2020, exploiting the Log4j vulnerability to carry out ransomware attacks, and victimizing Ireland's Health Service Executive (HSE), among other targets.

    Recently, the gang went public through its dark web leak site, used to receive payments from its victims and to post private documents of those who do not pay, and announced support for the Russian government and the goal of promoting retaliation.

    In turn, the United States government warned the country’s organizations to prepare for a possible response.

    As suggested above, the Russian government chooses to ignore the actions of the Conti gang; however, it has been questioned whether this bond is not stronger than previously thought, given the group's current patriotic stance.

    In contrast, the Conti gang asserts its independence from the Russian government while declaring itself protective of Russia's peaceful citizens and promising to respond to Western attacks on Russian-speaking regions.

    On the opposing side, the Anonymous collective demanded the takedown of Russian ISPs and the Russia Today news website, under the threat of hacking the website of the Russian Ministry of Defense.

    A recent report pointed out that hacker groups associated with the North Korean government are renting elite hacking tools and access to compromised networks from the operators of the TrickBot botnet.

    Anchor, a TrickBot attack framework, was apparently developed for cybercrime gangs interested in economic espionage and for operators of point-of-sale (POS) malware, but it has allegedly been used by nation-state hacker groups as well.

    According to a report published by cybersecurity company SentinelOne, the Lazarus Group, a cybercrime gang linked to North Korea, allegedly rented access to a system infected by the TrickBot botnet and used the Anchor framework to install PowerRatankba, a PowerShell backdoor, on an organization's network.

    Another Russia-based cybercrime gang is REvil, which used the Happy Blog website to extort companies and leak their data.

    The attack on Colonial Pipeline led to fuel shortages on the east coast of the United States. According to the authorities, this attack used ransomware called DarkSide, operated by a group believed to have links to REvil.

    At the time, law enforcement and intelligence officials worked to prevent the gang from acting against other companies, and after the group compromised software management company Kaseya, the U.S. government tried to stop it from paralyzing organizations around the world.

     

    Sectors Attacked in Cyberwarfare

    In cyberwarfare, there are critical infrastructure sectors, which are those usually attacked by hackers to cause instability in the opposing government.

    These sectors consist of vital services for the population of a country, whose interruption could impact safety, public health, economy, or other essential areas in the routine of people. 

    Some of the critical infrastructures are hydropower and energy systems, water networks, transport and communication services, government and military systems, and emergency services, which can be stopped, impacting the entire population. 

    According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), there are 16 critical infrastructure sectors considered vital to the country. They are:

    • Chemical Sector;
    • Commercial Facilities Sector;
    • Communications Sector;
    • Critical Manufacturing Sector;
    • Dams Sector;
    • Defense Industrial Base Sector;
    • Emergency Services Sector;
    • Energy Sector;
    • Financial Services Sector;
    • Food and Agriculture Sector;
    • Government Facilities Sector;
    • Healthcare and Public Health Sector;
    • Information Technology Sector;
    • Nuclear Reactors, Materials, and Waste Sector;
    • Transportation Systems Sector; and
    • Water and Wastewater Systems Sector.

     

    Additionally, in 2010, U.S. security firm McAfee, together with the Center for Strategic and International Studies (CSIS), published a report called "In the Crossfire: Critical Infrastructure in the Age of Cyber War."

    The report assessed threats to critical infrastructure based on a survey of 600 IT and security executives about cyberattacks and security practices.

    This analysis led to the conclusion that critical infrastructure is a constant target of cyberattacks involving other nations, even if this is never declared.

    We also add that cybercriminals can present different profiles and modes of action. Check them out:

    • Cyber soldiers: These hackers are commonly government-sponsored and direct their attacks at espionage, exposing sensitive data, extortion, and destroying critical infrastructure.
    • Organized cybercrime: These malicious agents carry out large-scale attacks, gaining access to their victims' data and carrying out extortion, among other actions, in order to profit.
    • Hacktivists: Groups of hackers who act according to a political ideology and usually use non-violent but illegal digital means in their attacks. One of their most common tools is the botnet, which lets them control millions of compromised devices and use them for denial-of-service attacks.
    • Cyberterrorists: Cyberterrorists act by spreading terror among their victims. Their operations include the interruption of internet services such as websites, theft and exposure of confidential data, and attacks on financial institutions and other critical infrastructure sectors.


    Cyberwarfare Facts & Data

    There is a lot of relevant data about cyberwarfare. Here are some of them:

    • 26.3% of cyberwarfare attacks target the United States.
    • 20% of global organizations believe cyber espionage is their biggest threat.
    • Up to 64% of the world's organizations have been the target of some kind of cyberattack.
    • China and Russia are believed to be linked to up to 35% of all politically motivated cyberattacks.
    • Espionage-related attacks total 11% of the actions carried out in cyberwarfare and aim to collect information from people, companies, and governments.
    • Iran has been one of the fastest-growing countries in cyberwarfare since 2009. In 2018, 144 universities and 33 companies in the US were targeted by Iranian hackers, who stole data valued at $3.4 billion.
    • In 2018, two Chinese nationals were charged with hacking American, Japanese, German, and Canadian organizations, among others. Among their targets, NASA stands out.
    • It is believed that 69% of the cyberattacks and breaches suffered by the United States in 2019 were carried out by hackers located abroad, which makes them harder to track.
    • In 2015, the Obama-Xi cyber agreement between China and the United States was signed, which contributed to reducing attacks on U.S. targets. However, the agreement represented only a truce between the two countries: in 2018, Chinese hackers targeted hotel chains hosting VIPs and U.S. telecommunications companies.
    • Between 2009 and 2018, the number of cyberwarfare-related attacks increased by up to 440%, involving at least 56 countries.
    • According to the New York Times, it is believed that since 2015 Russia has supported a group of 400 hackers devoted entirely to cyberattacks.
    • According to the University of Maryland, every 39 seconds someone is the victim of a cyberattack.
    • 62% of hacks consist of social engineering attacks, such as phishing. Ransomware and DDoS attacks are also very common.

    Stuxnet: The Most Famous Event Linked to Cyberwarfare

    In 2010, malware was identified that had the potential to impact industry. Stuxnet was not built to attack home computers but Siemens industrial control systems, specifically the SCADA and PLC software that drives automated processes.

    In practice, this malicious program spreads through USB flash drives and connects infected computers to a remote command-and-control server, to which stolen information, such as reports, is sent. With it, the attackers can also access SCADA system settings remotely.

    These systems are used by industries of all sizes to control automated processes on the production line without human intervention. In 2010, Stuxnet was identified at the Iranian nuclear facility in Natanz, as well as on computers located in China, India, Indonesia, Australia, Pakistan, England, and the United States.

    As mentioned earlier, the worm is believed to have been introduced through a device connected to the plant's computers, since there was no internet on site. It is speculated that the action was commissioned by a country interested in disrupting Iran's uranium enrichment centrifuges.

    Here are other cases of cyberwarfare attacks:

     

    • Attack on Sony

    After the release of The Interview, which portrayed Kim Jong Un negatively, Sony Pictures was attacked, allegedly by hackers working for the North Korean government.

    According to the FBI, there are similarities between this action and malware attacks previously carried out by North Koreans, including data deletion mechanisms, code, and encryption algorithms.

    • Estonian Government

    In 2007, Estonia moved the Bronze Soldier, a statue of a Soviet soldier in uniform, from the center of Tallinn to a military cemetery. The country subsequently suffered a series of cyberattacks that overwhelmed government, bank, and media websites with traffic in denial-of-service attacks, taking them offline.

    • Ukrainian Artillery Rocket Forces

    According to CrowdStrike, an organized group of Russian hackers called Fancy Bear allegedly attacked Ukrainian rocket and artillery forces between 2014 and 2016.

    An Android app used by D-30 artillery units is believed to have been used to spread the X-Agent malware.

    This attack was successful, as it destroyed more than 80% of Ukraine’s D-30 howitzers.

    • Qatar Government

    In 2018, American businessman Elliott Broidy filed a lawsuit against the Qatari government, alleging that it had stolen and leaked his emails in order to discredit him.

    The accusation implicated the Qatari emir’s brother, who allegedly organized a cyberwarfare campaign along with other leaders in the country, claiming 1,200 victims known as “Qatar’s enemies.”

    • Google

    Human rights activists living in China had their data compromised in a 2009 cyberattack directed at Google’s Chinese division. This intrusion gave access to internal code of the organization’s services and to users’ emails.

    Those responsible were not identified, but it is believed the initiative came from Chinese agents interested in recording the actions of opponents of the regime.

    • Pegasus Spyware

    In September 2018, researchers stated that 36 governments attacked targets in at least 45 countries with Pegasus spyware.

    According to Swiss authorities, two Russian spies were located in the Netherlands, preparing to attack the Swiss defense laboratory.

    • Phone Calls

    In October 2018, former U.S. President Donald Trump was alerted that Russia and China had access to calls made from an unsecured phone line.

    At the same time, the Israel Defense Forces requested the development of projects that would allow monitoring correspondence between social media users.

    • Drug Cartels

    Following the death of a journalist investigating drug cartels in 2018, a group linked to the Mexican government allegedly used spyware to attack the journalist’s colleagues.

    • Chilean Interbank Network

    After manipulating an employee into installing malware during a fake job interview, North Korean hackers broke into the Chilean interbank network in December 2018.

    In the same period, the United States, along with Canada, the United Kingdom, Australia, and New Zealand, accused China of conducting cyberespionage for 12 years to steal intellectual property and sensitive business information from organizations in 12 countries.

    • German Politicians

    Hundreds of German politicians had their private communications, financial data, and other personal information stolen in January 2019. This attack had members of all parties, except for the extreme right-wing AfD, as its political targets.

    • UN Civil Aviation

    At the end of 2016, the UN’s civil aviation organization was attacked by hackers linked to the Chinese government, who used their access to spread malware to the websites of various governments.

    • Cryptocurrencies

    In March 2019, the UN Security Council revealed that North Korea had used hackers to evade sanctions, stealing $670 million in currency and cryptocurrency over the three years between 2015 and 2018.

    • Amnesty International Hong Kong

    In April 2019, Amnesty International’s Hong Kong office revealed it had been targeted by Chinese cybercriminals who gained access to personal data of its supporters.

    In the same period, Lithuania’s Ministry of Defence was the target of a disinformation campaign that spread rumors of corruption using counterfeit email addresses.

    • More False Information

    In May 2019, Iran spread fake news about the US, Israel, and Saudi Arabia using a network of websites and accounts developed for this specific purpose.

    • Microsoft

    In July 2019, Microsoft stated it had identified about 800 cyberattacks carried out in the previous year, targeting NGOs, discussion groups, and other types of political organizations.

    Most of these attacks are believed to have originated in Russia, North Korea, and Iran.

    • ProtonMail

    Also in July 2019, email provider ProtonMail was targeted by a government-sponsored group seeking to access the accounts of former intelligence officers and reporters for information on Russian intelligence operations.

    • Internet of Things

    In August 2019, Russian hackers used vulnerable IoT devices to access corporate networks. In the same period, hackers associated with the government of China attacked U.S. cancer institutes for information related to research against the disease.

    • Huawei Business Operations Disruption

    In September 2019, Huawei accused the US government of breaking into its intranet and internal systems in order to disrupt its business operations.


    • Is Cyberterrorism Synonymous with Cyberwarfare?

    Cyberwarfare and cyberterrorism are commonly associated concepts, but they are not synonymous. When we talk about cyberwarfare, we refer to attacks motivated by conflicts between countries, possibly commissioned by governments with intentions motivated by political factors.

    Cyberwarfare involves cyberattacks, but not all cyberattacks involve a dispute between rival countries. That is, one of the factors that differentiate a cyberattack from cyberwarfare is intent.

    Cyberterrorism, on the other hand, consists of a one-off action whose consequences can be as devastating as those of conventional terrorist attacks.

    The concept of cyberterrorism gave rise to cyberterror, which defines the way people experience the fear of an attack, especially when they live in a country that is in the midst of an international conflict.

    Cyberterrorists’ targets include public security systems, governments, and hospitals, and their goal may be to compromise the image of a country’s rulers towards its population. As in cyberwarfare, acts of cyberterrorism may be related to political motivations. However, they can also be triggered for ideological reasons.

    • Cybercrime, Cyberespionage, or Cyberwarfare?

    Cyberwarfare is a controversial expression and is often questioned by cybersecurity experts. Many believe that the acts so defined would fit into classifications such as crime, terrorism, and espionage, but not war, because war involves more complex legal, political, and military issues.

    One explanation is that an act of espionage alone, whether carried out through cyberspace or by traditional methods, would be insufficient to lead to war. An example is the accusations of Chinese cyberespionage against countries such as the United States, Germany, and India, which did not have the power to undermine diplomatic relations with these nations.

    Likewise, cybercrime is seen as a matter of law enforcement and not of the military. On the other hand, if there is a cyberattack by one nation against another, targeting critical infrastructure such as that mentioned in this article, and attribution is proven, the action is equivalent to an armed attack.

    Armed conflict experts question whether cyber activities could lead to war, arguing that the resources used do not give rise to a new type of war.

    Cyberwarfare usually precedes armed conflicts and continues after they end, as in the conflict between Israel and Hezbollah in Lebanon in 2006 and the Russian invasion of Georgia in 2008, but it cannot be said to be the cause of these conflicts.

    This reflection, however, leads us to believe that cyberwarfare will be part of the initial phases of future conflicts.

    • Cyberattack and Cyberdefense

    Cyberwarfare grows day by day, posing a series of challenges both for those who attack and for those who assume the role of defense. Cyberattackers need to overcome cyberdefense actions, and cyberdefenders must confront them, protecting vulnerable networks that are still managed by human users.

    To be effective, a cyberattack needs to succeed only once, while cyberdefense must succeed repeatedly.

    Another feature of cyberwarfare is the need to differentiate combatants from ordinary users, since cyberspace is increasingly accessible to anyone who wants to use it. This enables civilians to take part in cyberattacks against governmental and non-governmental organizations, among other targets.

    • Cybersecurity as a Priority for Anatel (Brazil)

    Cybersecurity is one of the priorities of the National Telecommunications Agency (Anatel) and has become the subject of the Cybersecurity Requirements Act for Telecommunications Equipment and the Regulation of Cyber Security applied to the Telecom Sector.

    Check out the public policies adopted by the National Telecommunications Agency below:

    • Brazilian Strategy for Digital Transformation

    The Brazilian Strategy for Digital Transformation was approved by Ordinance No. 1.556/2018 of the former Ministry of Science, Technology, Innovation, and Communications (MCTIC), and aims to map the challenges of digital transformation in Brazil.

    Its vision for the future involves eight strategies related to trust in the digital environment, based on the protection of rights and privacy, defense, and security in the digital environment. They are as follows:

    • Create a national cybersecurity policy, with a body responsible for national coordination involving the private and public sectors;
    • Establish a legal framework for cybersecurity in the country, which allows the development of new means of investigation for the digital world in harmony with existing legal guidelines;
    • Create a national plan to prevent and recover from incidents, including those that may involve critical infrastructures;
    • Create a collaboration link between government entities, federated entities, and the private sector that enables the adoption and sharing of cybersecurity best practices, including security standards, critical infrastructure protection, and incident response;
    • Empower public agents to prevent threats and respond to cyberattacks and foster partnerships for the training of private-sector professionals;
    • Raise awareness among the Brazilian population about information security through educational campaigns;
    • Invest in research in the area of cybersecurity, training human resources, and promoting national technological autonomy;
    • Strengthen international cooperation between access and content providers and authorities from different countries in order to ensure law enforcement and solve cybercrime and cyberattacks of a transnational nature.

    • National Information Security Policy (PNSI)

    The national information security policy was enacted in 2018 through Decree No. 9.637/2018 in order to carry out one of the actions indicated in E-Digital. It must include the entire public administration and involves:

    • Cybersecurity;
    • Cyberdefense;
    • Physical security and organizational data protection; and
    • Actions developed to ensure the availability, confidentiality, authenticity, and integrity of information.

    The National Information Security Policy is supported by national plans and by the National Information Security Strategy, which is to be organized into modules.

    These modules should contain strategic initiatives and goals associated with information security, reconciled with federal government programs and public policies, and will address:

    • Cybersecurity;
    • Cyberdefense;
    • Critical infrastructure security;
    • Security of confidential information; and
    • Protection against data leaks.

    • National Cybersecurity Strategy

    The National Cybersecurity Strategy — E-Ciber — involves strategic initiatives of the Brazilian government associated with the area of information security, which should be implemented by 2023.

    This is the first module of the National Information Security Strategy and is expected to change the stance of people and entities on this topic.

    It aims to guide the population on the initiatives of the Federal Government related to cybersecurity. 

    The goals of the National Cybersecurity Strategy are:

    • Ensure more reliability and prosperity for Brazil in the digital environment;
    • Make the country more resilient to cyber risks;
    • Strengthen its performance in the international scenario when it comes to cybersecurity.

    For this, ten strategies have been developed:

    1. Strengthen initiatives that promote cybersecurity;
    2. Centralize the governance model in the country;
    3. Bring together the public and private sectors and society in a secure, reliable, collaborative, and participatory environment;
    4. Increase the level of government security;
    5. Provide more protection to the country’s critical infrastructure;
    6. Improve the legal framework for cybersecurity;
    7. Encourage the creation of innovative solutions related to cybersecurity;
    8. Increase the country’s international cooperation when it comes to cybersecurity;
    9. Increase partnership between the public and private sectors, society, and academia to promote cybersecurity;
    10. Increase the maturity of the population in terms of cybersecurity.

    The role of regulatory agencies in the sector and critical infrastructure security involves, among other aspects:

    • Creating a cybersecurity governance structure in critical infrastructure organizations, with security rules to be respected by employees, contractors, and suppliers;
    • Conducting annual external cybersecurity audits;
    • Adopting cybersecurity standards when developing new projects, programs, actions, and products;
    • Establishing Computer Security Incident Response Groups in each company and sector, which communicate and collaborate with each other;
    • Promoting employee training;
    • Notifying the Government Cyber Incident Treatment and Response Center whenever there is a cyber incident;
    • Notifying consumers whenever a leak compromises their data;
    • Promoting awareness campaigns aimed at users about cybersecurity care;
    • Requiring suppliers of computer equipment, programs, and services to take all measures recommended by national and international bodies to ensure information security;
    • Developing recovery plans for critical environments and incident response plans.

    • Biden Executive Order

    U.S. President Joe Biden has issued an Executive Order (EO) to help detect, prevent, and respond to recurring cyberattacks in the country.

    In this sense, lessons learned from recent cyberespionage campaigns will be applied to make U.S. government systems harder to breach.

    To this end, it became necessary to modernize federal cybersecurity using concepts such as zero-trust architecture and to invest $70 billion in information technology, stimulating the development of software designed with security in mind from the start.

    With this Executive Order, the United States government has set targets for responding to cyberattacks effectively and with agility, and all IT providers must report incidents to government entities.

    Moreover, different entities must respond to cyber incidents together, following a manual that standardizes the procedures to be adopted.

    According to the Executive Order, the trust placed in the government’s digital infrastructure must be proportional to its reliability and transparency and to the possible consequences of that trust being misplaced.

    This measure is only the first action to prevent and address attacks on the supply chain and should impact the following sectors:

    • Federal executive agencies, which must modernize their cybersecurity methods and IT environments;
    • Government suppliers, which will have new cybersecurity standards written into their contracts and will be required to share more information about cyber incidents; and
    • Software and IoT device companies, which must meet new evaluation standards and security criteria, ensuring transparency and security for the user.

    The Executive Order of the U.S. government sets security goals that must be achieved in the short term, impacting federal contractors first and then other sectors.

    • Russia and Ukraine: Prospects for New Cyberattacks

    During a conference held in early March 2022, Kaspersky’s director of research, Costin Raiu, stated that Ukraine is expected to suffer even more sophisticated cyberattacks than it has suffered to date.

    The researchers who took part in the event revealed details about the attacks and stated that some strategies used against Ukraine are unprecedented.

    As explained at the event, the main attack used a wiper similar to the NotPetya malware used in 2017. What also drew attention in the current context is the absence of clear trends.

    The attacks are being monitored, which makes it possible to know that most of them come from Russia, the United States, and China.

    • About senhasegura

    We are part of MT4 Tecnologia, a group of information security companies founded in 2001 and currently present in more than 50 countries.

    Our commitment is to provide digital sovereignty and security to the organizations that hire us, granting them control of privileged actions and data. In this way, we contribute to preventing leaks and theft of information.

    We follow the lifecycle of privileged access management through machine automation, before, during, and after accesses. With this, senhasegura can:

    • Avoid interruptions in companies’ activities and increase their productivity;
    • Automatically audit the use of privileges;
    • Automatically audit privileged changes to detect privilege abuse;
    • Provide advanced PAM solutions;
    • Reduce risks;
    • Bring companies into compliance with audit criteria and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

    • Conclusion

    By reading this article, you learned that:

    • In cyberwarfare, there are one or several cyberattacks targeting nations;
    • Experts have not yet reached a consensus on this concept;
    • Cyberwarfare is believed to have the potential to cause death;
    • One of the motivations of those who attack in cyberwarfare is to seek advantage in real confrontations;
    • Impacting a country’s population to destabilize its rulers is another common cause;
    • Another recurring motivation is the sabotage of industries in rival countries in order to make their projects unfeasible;
    • An emblematic example of cyberwarfare occurred in Iran in 2010 with the deployment of the Stuxnet virus in the control systems of uranium enrichment centrifuges;
    • The current confrontation between Russia and Ukraine was also preceded by cyberwarfare;
    • Cyberwarfare is not a recent concept;
    • Due to the destructive potential of cyberwarfare, many countries rely on intelligence services that have the mission of preventing them;
    • Attacks in cyberwarfare can be of many kinds. One of them is spreading fake news about a government;
    • Hackers can also steal sensitive data and strategic information from rival nations;
    • Cyberwarfare targets several critical infrastructure sectors, which provide vital services to the population and are attacked by cybercriminals to weaken their target;
    • The United States is the target of 26.3% of cyberwarfare attacks;
    • Attacks related to espionage represent 11% of the actions promoted in cyberwarfare;
    • Between 2009 and 2018, the number of cyberwarfare-related attacks increased by up to 440%, involving more than 50 countries;
    • Cyberterrorism and cyberwarfare are close concepts, but they are not synonymous;
    • One of the factors that differentiate a cyberattack from cyberwarfare is intent;
    • Cyberwarfare often precedes armed conflicts and continues after they are over;
    • Cyberwarfare represents a major challenge to cyberdefenders as well as cyberattackers;
    • Future cyberattacks on Ukraine are believed to be even worse than those suffered so far.

    Was our article on cyberwarfare helpful to you? If so, share it with someone else who may also be interested in the topic.


    Why Should I Worry About Managing Access to Endpoints?


    Smartphones, tablets, and laptops are considered endpoints, that is, devices connected to a network terminal.

    If they are not protected, these devices bring cybersecurity vulnerabilities to an organization, since they open gaps for the action of malicious actors, who use more sophisticated tools every day.

    In this article, we will explain the main risks associated with endpoints. To facilitate your understanding, we divided our text into topics. They are:

    Why Should I Worry About Managing Access to Endpoints? 

    1. Main Risks Associated with Endpoints
    2. About senhasegura
    3. Conclusion

    Enjoy the read!

    Why Should I Worry About Managing Access to Endpoints? 

    It is essential to manage access to endpoints and ensure their security. In this way, it is possible to identify cyber threats and eliminate them, preventing an endpoint from becoming a gateway for cyberattacks.

    Main Risks Associated with Endpoints

    Endpoints are associated with several risks for organizations that do not invest in preventive measures related to these devices. Among them, we can highlight:

    • Phishing (Social Engineering)

    Phishing is one of the less sophisticated cyberattacks, but it still claims many victims these days. It occurs through messages that use social engineering to manipulate the user, pretending to come from a legitimate and trustworthy institution.

    These messages ask for personal information, or ask you to click a link or download a malicious attachment, which deploys malware on your endpoint and compromises the security of the institution it is connected to.

    One of the factors that make these attacks successful is the lack of investment in cybersecurity, which includes raising awareness and training professionals who can cope with these threats.

    • Outdated Software

    Outdated software opens loopholes for hackers, who exploit vulnerabilities and gain access to a network through legitimate programs.

    Therefore, it is important to pay attention to the quality of the software, which must come from reliable sources. Another important measure is to keep Windows and other operating systems updated so that you always run up-to-date software.

    • Malware

    Some ads, even on respected websites, pose a cyber threat by propagating viruses and malicious software without the user even clicking on them, or by redirecting the user to an unwanted destination.

    This scam with sophisticated malware is known as malvertising and has already claimed victims on websites like Spotify and The New York Times.

    • Ransomware

    Another cyber threat associated with endpoints is ransomware, which is capable of encrypting the victim’s files so that they can only be accessed upon payment of a ransom.

    Often, this malware masquerades as a legitimate program run by users, but some more recent and sophisticated versions do not require any action on the part of the victim.

    To get a sense of the scope of this type of threat, in 2017 the WannaCry attack reached 150 countries, claiming global organizations such as Vivo, Nissan, Renault, Honda, and Hitachi among its victims.

    Unlike other attacks that target large organizations, ransomware can affect any person or institution, who are then forced to pay a ransom to unlock their files. This is often because the ransom amount is much lower than the cost of recovering from the incident. Insurance companies have even created cyber insurance products to cover ransom payments after a ransomware infection.

    • Attacks with Data Theft

    One of the ways hackers have found to target large organizations is by exploiting vulnerabilities in their vendors’ endpoints, accessing servers, and stealing private or confidential information.

    This mode of action can also be applied to small companies, which have their business structures, financial data, and patents compromised. 


    • Privileged Account Attacks

    Another approach used by hackers is to attack privileged accounts through privilege escalation, lateral movement, and credential stuffing, which we detail below:

    • Escalation of Privileges

    In this case, malicious agents gain access to privileges and resources they would not have with default permissions. In this way, they are able to execute commands and access sensitive data. They can also damage the operating system by dropping malware or ransomware.

    There are two types of escalation, horizontal and vertical. In the first, the attacker uses low-level privileges. In the second, a user whose account has few privileges ends up with more privileges than an administrator user.

    • Lateral Movement

    Lateral movement refers to strategies used by malicious agents to access systems and compromise the assets of a network by moving from device to device.

    In this sense, cybercriminals can take advantage of loopholes related to network routing, ports, and protocols, and to the use of legacy devices and personal devices.

    • Credential Stuffing

    In this type of attack, criminals take advantage of data leaks, reusing leaked credentials to access accounts through tools that automate login attempts.

    This type of attack can be used for numerous purposes and is often successful when users use the same credentials for multiple services.
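    The automated login attempts described above leave a recognizable trace in authentication logs: one source trying many distinct usernames in a short window, most of them failing. The detector below is an added example for defenders, not code from this article or from senhasegura; the log format ("timestamp source_ip username OK|FAIL"), the thresholds, and the sample lines are constructed assumptions.

```python
"""Credential-stuffing detection over authentication logs.

Added example, not code from the article or from senhasegura. The log format
("timestamp source_ip username OK|FAIL"), thresholds and sample lines are
constructed assumptions for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample log: 203.0.113.7 replays leaked username/password pairs
# (many distinct users, each tried once, one pair still valid); 198.51.100.4 is
# a user mistyping a password; 192.0.2.9 brute-forces one account, which is a
# different pattern and is deliberately NOT flagged by this detector.
SAMPLE_LOG = """\
2023-05-01T10:00:01Z 203.0.113.7 alice FAIL
2023-05-01T10:00:03Z 203.0.113.7 bob FAIL
2023-05-01T10:00:05Z 203.0.113.7 carol OK
2023-05-01T10:00:07Z 203.0.113.7 dave FAIL
2023-05-01T10:00:09Z 203.0.113.7 erin FAIL
2023-05-01T10:00:11Z 203.0.113.7 frank FAIL
2023-05-01T10:01:00Z 198.51.100.4 alice FAIL
2023-05-01T10:01:20Z 198.51.100.4 alice FAIL
2023-05-01T10:01:45Z 198.51.100.4 alice OK
2023-05-01T10:02:00Z 192.0.2.9 admin FAIL
2023-05-01T10:02:01Z 192.0.2.9 admin FAIL
2023-05-01T10:02:02Z 192.0.2.9 admin FAIL
2023-05-01T10:02:03Z 192.0.2.9 admin FAIL
2023-05-01T10:02:04Z 192.0.2.9 admin FAIL
"""

@dataclass
class AuthEvent:
    ts: datetime
    src_ip: str
    user: str
    success: bool

@dataclass
class SourceReport:
    src_ip: str
    attempts: int
    distinct_users: int        # distinct usernames tried by this source overall
    peak_users_in_window: int  # most distinct usernames seen inside one window
    successes: int
    flagged: bool
    # Accounts that logged in successfully from a flagged source: the reused
    # credential worked, so they need a forced reset and a session review.
    compromised_users: List[str] = field(default_factory=list)

def parse_line(line: str) -> AuthEvent:
    """Parse one 'timestamp ip user OK|FAIL' line (constructed format)."""
    ts_s, ip, user, result = line.split()
    return AuthEvent(datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "OK")

def parse_log(text: str) -> List[AuthEvent]:
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]

def detect_credential_stuffing(
    events: List[AuthEvent],
    window: timedelta = timedelta(minutes=5),
    min_distinct_users: int = 5,
    max_success_ratio: float = 0.2,
) -> Dict[str, SourceReport]:
    """Flag sources that try many DISTINCT usernames inside `window` with a low
    success rate. Brute force (one user, many passwords) and a user mistyping
    their own password both fail the distinct-user test and are left alone."""
    by_ip: Dict[str, List[AuthEvent]] = defaultdict(list)
    for ev in events:
        by_ip[ev.src_ip].append(ev)
    reports: Dict[str, SourceReport] = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        in_window: Counter = Counter()  # username -> hits inside the sliding window
        start, peak = 0, 0
        for ev in evs:
            in_window[ev.user] += 1
            while ev.ts - evs[start].ts > window:  # drop events older than the window
                old = evs[start].user
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        successes = sum(1 for e in evs if e.success)
        flagged = peak >= min_distinct_users and successes / len(evs) <= max_success_ratio
        reports[ip] = SourceReport(
            src_ip=ip, attempts=len(evs), distinct_users=len({e.user for e in evs}),
            peak_users_in_window=peak, successes=successes, flagged=flagged,
            compromised_users=sorted({e.user for e in evs if e.success}) if flagged else [],
        )
    return reports

if __name__ == "__main__":
    for rep in detect_credential_stuffing(parse_log(SAMPLE_LOG)).values():
        verdict = "CREDENTIAL STUFFING" if rep.flagged else "ok"
        print(f"{rep.src_ip:<13} attempts={rep.attempts:<2} distinct_users={rep.distinct_users} "
              f"successes={rep.successes} -> {verdict} {rep.compromised_users}")
```

    The accounts listed under a flagged source are the ones whose reused password still worked, which is where password resets and session revocation should start.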

    About senhasegura

    senhasegura is part of the MT4 Tecnologia group, created in 2001 with the aim of promoting cybersecurity.

    Currently, the organization is present in 54 countries, providing its customers with control of privileged actions and data and preventing the action of malicious users and data leaks.

    The operations of senhasegura assume that digital sovereignty is a right of all and that this goal can only be achieved through applied technology.

    Conclusion

    By reading this article, you saw that:

    • Endpoints are connected to a network terminal;
    • This is the case for laptops, smartphones, and tablets;
    • It is critical to invest in cybersecurity and prevent an endpoint from opening gaps for a cyberattack;
    • Among the main risks associated with endpoints, we can highlight: phishing; outdated software; malware; ransomware; attacks with data theft, and privileged account attacks.

    If you liked our article on endpoint security, share it with someone who might be interested in the topic.
