BR +55 11 3069 3925 | USA +1 469 620 7643
Select Page
The Biggest Cyberattacks of Recent Years

The Biggest Cyberattacks of Recent Years

The Biggest Cyberattacks of Recent Years

We all know that cyber vulnerabilities are not a current issue. However, with the evolution of technology and virtualization growing in all areas of society, cybercrime becomes more and more frequent, creating a critical problem that deserves a lot of attention from the digital security industry. 

One of the biggest challenges is to keep up with the evolution of these crimes, because as technology advances, crimes become increasingly strategic and sophisticated, requiring even more technological advances and security efforts, in addition to repeating a cycle that is difficult to prevent.

In recent years, especially during the coronavirus pandemic, in which most companies are adopting new work alternatives, migrating to digital environments, the role of criminals has been strengthened. 

According to data from FortiGuard Labs, the year 2020 had 41 billion attempts of cyberattacks in Latin America. The good news is that while these attempts are taking place, the cybersecurity industry has also worked hard and strengthened itself to ensure as much security as possible for digital media and to weaken this cycle of attacks.

To get a sense of this problem’s scale and the lessons we can pass on to those who want to strengthen the security of their information, we have listed the 5 biggest cyberattacks in recent years. Check it out below.

Solar Winds: The Biggest and Most Sophisticated Attack in History

In 2020, Solar Winds, an information infrastructure company, suffered what can be considered, according to Microsoft’s President Brad Smith, as “the biggest and most sophisticated attack the world has ever seen”. This is because several tactics and techniques of cyber invasion and espionage were employed. 

Hackers have inserted malicious software into Solar Winds’ monitoring software update that has been sent to up to 18,000 customers. These include Microsoft companies and the US Departments of Energy, Justice, and Nuclear Safety. But it was FireEye, one of Solar Winds’ client companies, the first victim to identify the attack. 

In the Microsoft attack alone, according to its president, at least a thousand engineers took part. Ongoing investigations indicate that the operation is very complex and surprising even for specialists, as it combines very advanced and stealthy techniques, which have bypassed the radar of the most experienced security specialists. This made everyone apprehensive about a critical vulnerability in the technology infrastructure.

Colossal DDoS Attack Against Dyn

Dyn, an American company of DNS (Domain Name System) services, has suffered a DDoS attack, which, in general, is a type of attack that intensifies data traffic and overloads a certain server, making it unavailable to users.

This attack caused a system crash for all the company’s customers in 2016, who had virtual newspapers and magazines from the United States and other large companies among them: Amazon, Netflix, PayPal, Spotify, Tumblr, Twitter, GitHub, Xbox Live, and PlayStation Network. 

It was an event known as “The American Internet Blackout”, one of the biggest DDoS attacks in recent times.

ASUS Automatic Updates

 One of the largest laptop manufacturers in the world, ASUS, was the target of a hacker attack in 2018, with an automatic software update that infected nearly 1 million users worldwide. 

The attack targeted 600 computers, but the malware spread and reached more users. As the attackers used the company’s legitimate security certificate during the action, it was almost impossible to raise suspicion.

This type of crime can increase users’ distrust and lead them to avoid machine upgrades, which can raise the level of vulnerabilities and cause even bigger problems. 

STJ: Great Cyberattack in Brazil

Brazil is one of the countries with the highest number of users connected to the Internet, and according to the Internet Security Threat Report, released in 2019, the country occupies third place in the ranking of cyberattack attempts, fourth in bot attacks, and seventh in crypto-jacking.

As might be expected, government agencies are not left out of vulnerability for cybercrime. In Brazil, the biggest data attack involved the STJ (Supreme Court of Justice), a target of the ransomware action, which invaded more than 1,200 servers of the institution and destroyed the backups on the machines. 

On the scale of this attack, Marta Schuh, Director of Cyber Insurance at the international broker Marsh, stated that: “It was like the STJ databases could be placed inside an incinerator.” As expected, the criminals offered to ransom the information in exchange for a sum of money.

 

A Leak of Sensitive Data from Over 100 million Americans

Paige A. Thompson, a former Amazon employee, was responsible for hacking the database of Capital One, a US financial institution, compromising the data of more than 100 million Americans and 6 million Canadians by obtaining access to personal data of credit card requests. 

Although the affected information does not contain the users’ credit card numbers, as Capital One claimed, the damage will cost around $150 million to boost the institution’s digital security.

Other Relevant Data on Cybersecurity in 2020

  • 60% of users say they are poorly informed about cybersecurity. (ESET Survey).
  • Lack of backup is the main cause of loss of money for 3 out of 4 users (ESET Survey).
  • Of the top causes for data leaks, 16% are exploiting third-party software vulnerabilities, 19% are cloud-server misconfiguration procedures and login data breaches, and 14% involve phishing activities. (IBM)
  • 52% of data leaks were due to malicious attacks and 23% to human error. (IBM)
  • Only 61% of users believe that some of their passwords are secure. (ESET Survey)
  • The most used password in 2020 was “123456”, accounting for two and a half million users. (Nordpass)
  • 40% of consumers worldwide use between one and three financial applications, but only half have security software installed on their devices. (ESET Survey)
  • Reports of cyberattacks grew 400% during the pandemic. (FBI)
  • DDoS attacks increased 151% in the first half of 2020. (Neustar)

What Can We Expect from the Future?

The trend for the future is to have more devices and users connected to the Internet around the world, which could further increase the number of cyberattacks and attempts. On the other hand, it has been increasingly difficult and outdated to live in a non-digital world even to perform simple everyday tasks. 

Therefore, more than ever, digital security must be a concern for companies and governments, which must continue to invest heavily in the prevention and control of threats, and for users, who must always keep up-to-date on the best ways to protect their data and what legal protection they can receive in cases of attack.

If you are interested in the subject, we also invite you to read the next article. After All, How to Act in Case of Data Invasion and Theft?

 

____________________

 

References to mentioned research.

 

https://www.bhs.com.br/2019/07/22/grandes-crimes-ciberneticos/

https://noticias.r7.com/distrito-federal/jornal-de-brasilia/mp-no-df-abre-inquerito-para-apurar-vazamento-de-dados-de-clientes-do-banco-pan-04092019

https://olhardigital.com.br/2021/02/15/noticias/solarwinds-ataque-foi-o-maior-e-mais-sofisticado-que-o-mundo-ja-viu/

https://veja.abril.com.br/blog/radar-economico/brasil-sofre-seu-maior-ataque-hacker-da-historia/

https://olhardigital.com.br/2019/07/31/seguranca/hacker-vazou-dados-sensiveis-de-mais-de-100-milhoes-de-americanos/

https://canaltech.com.br/video/top-tech/7-ataques-hacker-que-entraram-para-a-historia-top-tech-10404/

https://olhardigital.com.br/2020/12/31/retrospectiva-2020/retrospectiva-2020-relembre-os-piores-ataques-ciberneticos/

https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Security_Report_2020_BR-1.pdf

https://thehill.com/policy/cybersecurity/493198-fbi-sees-spike-in-cyber-crime-reports-during-coronavirus-pandemic

 

Are you enjoying this post? Join our Newsletter!

5 + 13 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical

Nomenclatures and acronyms are part of the routine of those who work in the technology area. Picture a physical archive room, the kind we see in movies and series set in hospitals or police departments, separated by a bookcase full of folders: when we get to the...

Why is Data the New Oil?

Performing any task today is much easier than it was a few years ago. With the evolution of technology, the consumer can make purchases faster and more practical, receive optimized ads - which help a lot when purchasing something -, social networks with features that...

Why is Information Security Important to Your Organization?

As technology becomes increasingly sophisticated, criminals' skills often evolve as well, in many cases surpassing the skills of security professionals within organizations. The proof of this is that the number of successful attacks is growing every year.  We live in...

Brazil improves its position in the 2020 global cybersecurity ranking

Several Latin American countries have advanced in the Global Cybersecurity Index, a report supported by the International Telecommunication Union (ITU). Brazil, Mexico, Uruguay, Dominican Republic, and Chile had the best performances in the region. Although there are...

Is your company really prepared for a cyber attack? – Part 2

In the previous article, we discussed the importance of digital transformation to business, and how this process brings various information security issues with it. Now we will talk a little bit about what are the most common cyberattacks on businesses today and what...
Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical

Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical

Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical

Nomenclatures and acronyms are part of the routine of those who work in the technology area. Picture a physical archive room, the kind we see in movies and series set in hospitals or police departments, separated by a bookcase full of folders: when we get to the Privileged Access Management (or PAM) sector ⎼ look at one of them ⎼ we come across a file full of names and features that help us protect critical systems.

Under the theme “A meeting between security and efficiency”, the North American magazine Cybersecurity Review has published an article on the premises and services of senhasegura’s PAM in its most recent edition, explaining a little of the names and purposes of the mechanisms that make up the product, going through a brief explanation of the company’s history and ending with a success story. Within this entire trajectory, the goal of the article is to bring to light the mission of senhasegura to work on digital sovereignty and to defend the right to data protection of citizens and organizations, whether public or private, small or large, wherever they are.

Browsing Is a Must

Companies that were not born in the virtual environment need to migrate to this space for reasons of adaptation, brand positioning, maintenance of activities and relationship with customers. In a study performed by Statista (German market data research company) and published on Cuponation’s website, 4.66 billion people became active internet users in the first half of this year alone, which corresponds to 59.5% of the world population. With so many people consuming behind the screens, modern cybersecurity solutions – as is the case with PAM – are the walls of the corporate networks for those who provide services or leisure. 

 

That’s what Cybersecurity Review quotes: 

“In the ever-evolving digital landscape, cybersecurity is NOT a project anymore. In the wake of the changing digital trends and technological advancements, it is of survival for any company. The increasing cyber threats and other illicit activities make identity and access management (PAM) a crucial part of any business. The recent shift to remote work culture and increasing dependence on digital files made Privileged Access Management a focal point of every organization’s security model.

 Ineffective management of privileged access allows malicious agents to access a company’s critical information and exploit the same, threatening data privacy and aggravating security concerns. Traditional preventative cybersecurity approaches are no longer enough to withstand the rising tide of the cyber threat landscape. To deal with the current and emerging cyber threats, companies require next-generation solutions and defense capabilities, and São Paulo-based senhasegura is the one company excelling in addressing security challenges of organizations”.

Do you want to read the full article? Access the digital version of the magazine: CYBERSECURITY REVIEW – AUGUST 2021.

 

Are you enjoying this post? Join our Newsletter!

9 + 8 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical

Nomenclatures and acronyms are part of the routine of those who work in the technology area. Picture a physical archive room, the kind we see in movies and series set in hospitals or police departments, separated by a bookcase full of folders: when we get to the...

Why is Data the New Oil?

Performing any task today is much easier than it was a few years ago. With the evolution of technology, the consumer can make purchases faster and more practical, receive optimized ads - which help a lot when purchasing something -, social networks with features that...

Why is Information Security Important to Your Organization?

As technology becomes increasingly sophisticated, criminals' skills often evolve as well, in many cases surpassing the skills of security professionals within organizations. The proof of this is that the number of successful attacks is growing every year.  We live in...

Brazil improves its position in the 2020 global cybersecurity ranking

Several Latin American countries have advanced in the Global Cybersecurity Index, a report supported by the International Telecommunication Union (ITU). Brazil, Mexico, Uruguay, Dominican Republic, and Chile had the best performances in the region. Although there are...

Is your company really prepared for a cyber attack? – Part 2

In the previous article, we discussed the importance of digital transformation to business, and how this process brings various information security issues with it. Now we will talk a little bit about what are the most common cyberattacks on businesses today and what...

Why is Data the New Oil?

Why is Data the New Oil?

Why is Data the New Oil?

Performing any task today is much easier than it was a few years ago. With the evolution of technology, the consumer can make purchases faster and more practical, receive optimized ads – which help a lot when purchasing something -, social networks with features that follow the biggest trends, ease of payments and banking transactions, among others.

On the other hand, in exchange for all this comfort, the customer provides their data, which will be used as a resource/raw material by the companies. In this “win-win” relationship, the company makes life easier for customers through the use of data, but also exponentially increases its profits. 

Thus, there is much debate among specialists about the reciprocity of this relationship, considering the power and value of data today. Far from being just good things, just like at the time of the industrial revolution, the information and data age also brings some problems, which are constantly debated in search of the best solution within the current scenario. 

Such problems revolve around ethical and security issues in the use of data, since not all consumers are fully aware of how their data is used by companies and the great effort to protect this data from hackers, since the Internet is a place “where everyone treads”. 

This concern around data integrity is yet another aspect that emphasizes how valuable this resource is to society as a whole. In this article, we will explain the value of data in the information world and the main reasons why it is an essential part of a business strategy. We invite you to keep reading the article and find out why data is the new oil.

The Value of Data

Saying that data is the new oil is a smart and simple way to get a sense of where we are standing. However, the author of the statement himself, Ajay Banga, Mastercard’s CEO, added that data is even more valuable than oil, considering that oil is a scarce and finite resource, while data is inexhaustible and only increases. 

Furthermore, they can be continuously reused, even after being transformed, to generate new information, while oil is discarded after its transformation. That is, the more data, the more information is generated and the more valuable it becomes. 

Most people are aware of the contribution of their data to the economy, but not everyone knows or can measure this value, which leads many people to lose interest in the value of their personal data. Also, the benefits offered “free of charge” by companies work as a form of payment to the user for providing their data, who perceives the exchange as fair.

Nevertheless, this “bargaining” relationship is not always voluntary, since, with the new privacy policies, some companies “force” users to grant permission on their personal data if they want to continue using their tool. 

This only increases the users’ lack of control over their data, because between making them available and losing access to the tools’ benefits, the first option seems more sensible. In short, concerning data in the relationship between company and users, everyone wins, but disproportionately.

With the new data protection laws in the countries, a company that fails to comply with regulations or puts customer and user data at risk is punished with huge fines. 

This is because personal data such as name, age and date of birth, IP address, or sensitive information such as religious and ideological beliefs, health information, genetic and biometric data, for example, can be used for various purposes, from optimizing/customizing the use of a tool by the customer to increasing the company’s sales or as a criminal weapon. 

Therefore, privacy policies are full of strict requirements imposed on companies that work with data collection and storage.

Data in Business Strategies

It is important to understand that, from an organization’s point of view, for example, having the raw material is not enough, that is, it is not enough just to obtain the data, but to know how to handle and manage them properly in order to obtain information that generates value. 

The consequence of this is valuable returns for companies, both financially and in areas that have an impact on the world. The company that manages to get this increases competitiveness, productivity, and stands out from the crowd. 

So, it is not the data itself that makes it so important to companies, but the information and value that can be generated from it. 

In this sense, having a good data management policy today is essential for organizations, since, unlike a few years ago, when companies were working with hypotheses to analyze the competition and achieve customer preference, nowadays, data provides us with concrete, accurate information that, when handled correctly, helps drive the business forward. 

Therefore, good data management favors:

  • Making the best decisions based on data.
  • More precision in identifying problems.
  • More strategic and precise approaches.
  • Optimization of resources (time, money, and labor).
  • In-depth understanding of customer tastes and behaviors.
  • A greater understanding of the market and the competition.
  • Increase in sales.
  • Closer relationships with customers.

Data is The Future

Data is changing the world, as everything that can be done from exploiting it and the fact it is inexhaustible and reusable makes this resource even more valuable than oil. 

With the data revolution, not only do companies change the way they work, but the population also changes the way they think and act in society. The trend is for this to increase in the near future.

However, before appropriating this comparison of data with oil and trying to be part of this revolution, it is necessary to bear in mind that not all countries get rich from the sale of oil, and one of the reasons is the poor management of the resource. 

With data, it is no different. In this race towards evolution, as Yuval Noah Harari says in the book 21 Lessons For The 21st Century, “those who have the data own the future”, and those who are aware of it and make the best use of them lead the way.

Did you get interested in the subject? We invite you to read our article LGPD: Know What Your Company Needs to Do By August.

Are you enjoying this post? Join our Newsletter!

13 + 5 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical

Nomenclatures and acronyms are part of the routine of those who work in the technology area. Picture a physical archive room, the kind we see in movies and series set in hospitals or police departments, separated by a bookcase full of folders: when we get to the...

Why is Data the New Oil?

Performing any task today is much easier than it was a few years ago. With the evolution of technology, the consumer can make purchases faster and more practical, receive optimized ads - which help a lot when purchasing something -, social networks with features that...

Why is Information Security Important to Your Organization?

As technology becomes increasingly sophisticated, criminals' skills often evolve as well, in many cases surpassing the skills of security professionals within organizations. The proof of this is that the number of successful attacks is growing every year.  We live in...

Brazil improves its position in the 2020 global cybersecurity ranking

Several Latin American countries have advanced in the Global Cybersecurity Index, a report supported by the International Telecommunication Union (ITU). Brazil, Mexico, Uruguay, Dominican Republic, and Chile had the best performances in the region. Although there are...

Is your company really prepared for a cyber attack? – Part 2

In the previous article, we discussed the importance of digital transformation to business, and how this process brings various information security issues with it. Now we will talk a little bit about what are the most common cyberattacks on businesses today and what...
Why is Information Security Important to Your Organization?

Why is Information Security Important to Your Organization?

Why is Information Security Important to Your Organization?

As technology becomes increasingly sophisticated, criminals’ skills often evolve as well, in many cases surpassing the skills of security professionals within organizations. The proof of this is that the number of successful attacks is growing every year. 

We live in a connected world. It is hard to imagine that what once started as a small number of large computers in the 1970s has grown to encompass billions of connected devices from personal computers and smartphones to Internet of Things (IoT) devices. However, the advent of personal computing has come at the price of additional security risks in everyday life. 

The risk of a cyberattack to organizations has increased exponentially. Threats can occur anywhere on the network where there is a potential vulnerability that hackers can exploit, whether through a phishing email message, a fake social media post, or even compromised hardware. 

As the number of devices increases, the potential for attacks and disruption grows as well. That is why the need for cybersecurity measures grows exponentially too. 

Keep reading this article to understand the importance of security to your business.

How Important is Information Security in Business? 

Advanced security measures are a must for any organization. Most companies do not like to talk about it, but security breaches happen constantly in unprotected means and even monthly. 

Cybercriminals are constantly looking to hack companies and many succeed. A good security system that protects IT for companies is the best defense a business can have against these threats. 

The importance of cybersecurity for a company is not only for protecting its information, but also the information of its employees and customers. 

Consequently, companies have a lot of data and information in their systems. A fact that increases the importance of security, be it of data, information, or cybersecurity in general.

The Real Cost of Information Security

Cybersecurity breaches can be costly and harmful to any organization, both in terms of finances and reputation. Recent research reported that 43% of organizations experienced a data breach involving sensitive customer or business information in the past two years. 

Based on this data, two out of five companies are hit each year by a serious breach, in which a significant amount of sensitive data is compromised. It is noticed that hardly a week goes by without at least one data breach report in the news. 

A store can have its credit card data stolen. A health insurer may have lost its policyholders’ records. The government loses records of permits – while what should have been private emails are now being posted on activist websites. It appears that no private or public organization is fully protected against cyberattacks. 

The nature of cyberattacks is much more advanced. Initially, the most common target was email, such as messages from ‘banks’ requesting account details or personal data (IDs). But as computing has advanced, cyberattacks have also moved towards larger-scale operations, which are no longer limited to an individual, but rather to businesses, financial markets, and the government sector.

According to studies conducted by IBM, the average cost of a data breach is $3.62 million, which for many companies is an unbearable cost.

Main Threats to Information Security

Here are the top challenges companies face in trying to protect their confidential information.

Malware

Malware is an infectious agent that attacks software or pieces of software with malicious code intending to cause damage to data or devices within an organization.

Vulnerability Attacks

Hackers and criminals look for vulnerabilities within companies that can facilitate their attacks. These vulnerabilities are the result of the company’s own negligence, that is, the lack of care and investment in data security.

Some of the risk factors that may go unnoticed are outdated equipment, unsecured networks, incorrect configurations, and even lack of employee training.

Phishing

This is a type of attack developed through electronic fraud. One of the more classic ways is when the criminal impersonates someone trusted by the company via email, making the target easily click on infected links. 

Some of the hidden goals in this practice are identity and banking information theft.

Availability

Some systems cannot go down, and some attacks affect exactly the stability of these systems, causing crashes that consequently damage the company’s image or, worse, affect its revenue.

Lack of Confidentiality

Some data and information must be protected and accessed only by authorized and extremely trustworthy staff. When this basic rule of protection within companies is not followed, people outside the circles of trust can gain access to this data and misuse it.

Cybersecurity is important for any organization that has critical data and information that cannot be lost or stolen. When it comes to criminal attacks, many companies are defenseless against them. 

The reason for this is, in part, due to the lack of a proper cybersecurity service. When the company is aware of the importance of cybersecurity, it will what is necessary to ensure the protection of its business. 

So, now that you know why information security matters to your organization, how about getting to know our services? You can also complement your reading with this article that explains how PAM can help companies’ cybersecurity.

Are you enjoying this post? Join our Newsletter!

7 + 14 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical

Nomenclatures and acronyms are part of the routine of those who work in the technology area. Picture a physical archive room, the kind we see in movies and series set in hospitals or police departments, separated by a bookcase full of folders: when we get to the...

Why is Data the New Oil?

Performing any task today is much easier than it was a few years ago. With the evolution of technology, the consumer can make purchases faster and more practical, receive optimized ads - which help a lot when purchasing something -, social networks with features that...

Why is Information Security Important to Your Organization?

As technology becomes increasingly sophisticated, criminals' skills often evolve as well, in many cases surpassing the skills of security professionals within organizations. The proof of this is that the number of successful attacks is growing every year.  We live in...

Brazil improves its position in the 2020 global cybersecurity ranking

Several Latin American countries have advanced in the Global Cybersecurity Index, a report supported by the International Telecommunication Union (ITU). Brazil, Mexico, Uruguay, Dominican Republic, and Chile had the best performances in the region. Although there are...

Is your company really prepared for a cyber attack? – Part 2

In the previous article, we discussed the importance of digital transformation to business, and how this process brings various information security issues with it. Now we will talk a little bit about what are the most common cyberattacks on businesses today and what...
Brazil improves its position in the 2020 global cybersecurity ranking

Brazil improves its position in the 2020 global cybersecurity ranking

Brazil improves its position in the 2020 global cybersecurity ranking

Several Latin American countries have advanced in the Global Cybersecurity Index, a report supported by the International Telecommunication Union (ITU). Brazil, Mexico, Uruguay, Dominican Republic, and Chile had the best performances in the region.

Although there are still several tasks outstanding in Latin America related to cybersecurity, most Latin American countries managed to climb positions in the index.

The best-ranked Latin American country was Brazil, ranking 18th in the index, followed by Mexico, Uruguay, Dominican Republic, and Chile. By climbing 53 positions in the ranking, the country also became the third-best in America, behind only the United States and Canada.

Mexico rose from position 63 in 2018 to position 52 in the ITU’s 2020 Global Cybersecurity Index. The country’s rating was 81.68 points and, at the continental level, it remains in fourth place in cybersecurity, with the United States and Canada again ahead, although there is a change in the third place, conquered by Uruguay in 2018 and the last year. Brazil rose to this position.

The Union’s analysis places Mexico as a developing country. It is worth mentioning the indicator that has proven to be strong in cybersecurity is cooperation measures, with a score of 17.34 out of 20, despite obtaining the best rating in technical measures, with 17.90.

As a potential area for growth, the international organization mentions regulatory measures, with Mexico reaching its lowest score at 14.70 points.

Chile currently occupies 74th place in the world rank, having reached the 83rd position in the previous list. At the same time, Chile rose from ninth place in the last GCI to seventh. 

Keep reading and learn more about the report and the factors that led Brazil to improve its position in the global cybersecurity ranking.

What is the Global Cybersecurity Index (GCI)?

The Global Cybersecurity Index (GCI) is an initiative of the International Telecommunication Union (ITU), the UN specialized agency for ICTs, shaped and enhanced by the work of a wide range of experts and associates from countries and other international organizations. 

The Global Cybersecurity Index (GCI) is a credible benchmark that measures countries’ commitment to cybersecurity at the global level to raise awareness about its importance and different dimensions. As cybersecurity has a wide field of application, covering many industries, the level of development or involvement of each country is evaluated in five pillars: (I) Legal Measures, (II) Technical Measures, (III) Organizational Measures, (IV) Capacity Building, and (V) Cooperation, and then they aggregated into an overall score.

Based on a multi-stakeholder approach and initiative, the GCI leverages the capacity and experience of different organizations to improve the quality of research, foster international cooperation, and promote the exchange of knowledge on the subject.

Global Cybersecurity Index (GCI) In the World

Overall, the United States had the best result with 100 points, followed by the United Kingdom, Saudi Arabia, Estonia, Korea, Singapore, and Spain.

The worst-ranked countries were Honduras, Djibouti, Burundi, Eritrea, Equatorial Guinea, and North Korea.

Micronesia, Vatican, and Yemen are placed at the bottom of the index because they did not provide information.

Global Cybersecurity Index (GCI) Methodology

The index brings together 82 questions about member countries’ cybersecurity commitments in five pillars: legal, technical, organizational, capacity building, and cooperation measures.

Legal Measures

Measurement of the maturity of cybercrime and cybersecurity laws and regulations.

This pillar assesses questions such as: whether the countries have any cybersecurity legislation, data protection regulations, and critical infrastructure regulations.

Technical Measures

Measurement of the application of technical capacities through national and sectoral organizations.

This pillar assesses questions such as: whether the countries have active CSIRTs (Computer Security Incident Response Teams), participate in a regional CSIRT, and have reporting mechanisms for the protection of children online.

Organizational Measures

Assessment of national strategies and organizations that apply cybersecurity.

This pillar assesses questions such as: whether the countries have national cybersecurity strategies, cybersecurity agencies, strategies, and initiatives for the protection of children online.

Capacity Building Measures

Measurement of awareness campaigns, training, education, and incentives for the development of cybersecurity capabilities.

This pillar assesses questions such as: whether the countries perform cybersecurity awareness initiatives, whether they have programs in cybersecurity, and whether they claim to have national cybersecurity industries.

Cooperation Measures

Measurement of collaboration between agencies, companies, and countries.

This pillar assesses questions such as: whether the countries participate in public-private cybersecurity partnerships, and whether they have bilateral cybersecurity agreements and multilateral cybersecurity agreements.

Brazil climbs 53 positions in the Global Cybersecurity Index (GCI) in 2020

In the case of Brazil, the federal government’s plans to digitize its public services, as well as national law for the protection of citizens’ information, such as the LGPD (General Data Protection Law), weighed heavily.

The rise was also well praised by specialists, who highlight the work that has been done over the past 15 years. Federal regulations such as the Cybercrime Law of 2021 and the Internet Civil Framework of 2013 helped to pave the way and introduce the topic among the strategic concerns of the Brazilian government. These advances are a necessary response to the growing threat that state and non-state players pose to the security of countries.

Brazil still has a long way to go in the area of cybersecurity, but the governmental concern proved by the LGPD, for example, is remarkable. Brazil still lacks a cybersecurity culture, and one of the biggest missions of the National Data Protection Agency (ANPD) is to create and spread initiatives of this type in the country.

If you liked the content, we recommend that you add to your reading with the text LGPD: How to Comply With the 10 Privacy Principles.

Are you enjoying this post? Join our Newsletter!

15 + 15 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

 

 

Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical

Nomenclatures and acronyms are part of the routine of those who work in the technology area. Picture a physical archive room, the kind we see in movies and series set in hospitals or police departments, separated by a bookcase full of folders: when we get to the...

Why is Data the New Oil?

Performing any task today is much easier than it was a few years ago. With the evolution of technology, the consumer can make purchases faster and more practical, receive optimized ads - which help a lot when purchasing something -, social networks with features that...

Why is Information Security Important to Your Organization?

As technology becomes increasingly sophisticated, criminals' skills often evolve as well, in many cases surpassing the skills of security professionals within organizations. The proof of this is that the number of successful attacks is growing every year.  We live in...

Brazil improves its position in the 2020 global cybersecurity ranking

Several Latin American countries have advanced in the Global Cybersecurity Index, a report supported by the International Telecommunication Union (ITU). Brazil, Mexico, Uruguay, Dominican Republic, and Chile had the best performances in the region. Although there are...

Is your company really prepared for a cyber attack? – Part 2

In the previous article, we discussed the importance of digital transformation to business, and how this process brings various information security issues with it. Now we will talk a little bit about what are the most common cyberattacks on businesses today and what...