China has Published Its Specific Law for the Protection of Personal Data. What Are the Implications?

Global efforts to ensure data protection have increased dramatically over the years. Governments around the world have been concerned with creating laws and regulations that ensure the security of circulation and processing of information from citizens and users, especially by companies, respecting people’s privacy and operating within the specific laws of the country.

After the European Union General Data Protection Regulation (GDPR), which seeks to guarantee citizens greater control over their own data, governments in several countries also started to invest in their own regulation with the same purpose. 

PIPL Construction Route

The most recent regulation came from China, which, after several revisions since October 2020, officially approved its PIPL (Personal Information Protection Law) in August of this year. The first draft was presented at the National People’s Congress of China on October 13, 2020, and opened for public review on October 21 of the same year.

A month later, the reviewed document was closed for internal assessment. In August 2021, the proposal was approved and is expected to take effect on November 1st.

The Chinese data protection law is similar to the European law, but with a stricter structure, especially for “Big Techs”. The goal is to further strengthen the current protection regime, regulating the collection, processing, and use of Chinese citizens’ data, including rules that avoid the monopoly and over-enrichment of some companies through population data. 

The China Consumer Association strongly criticized this type of behavior by companies, saying that the algorithms are becoming a “technical intimidation” to consumers.

How does PIPL impact organizations?

The Chinese government sees data as a basic strategic resource that belongs to the country; its use by third parties should be kept to a minimum, monitored, and limited to well-defined purposes. Therefore, with PIPL’s approval, the activities of organizations and individuals working with personal information will be heavily impacted.

European entities fear that Chinese regulations will jeopardize trade between companies in the bloc and China and put the privacy of their businesses at risk, as they will be subject to protection demands different from those of the European GDPR.

For multinationals, the situation is no different, as they consider an uncertain business scenario and an invasive behavior by the Chinese government when auditing companies. In short, this uncertain scenario ends up generating concern for companies due to the following requirements:

  • Users are given more control over their data: Users can request/control the editing, removal, and restriction of the distribution, processing, and use of their data. In addition, prior consent can be changed or canceled by the user.
  • More rigorous requirements for data sharing and transfer: An organization or any other parties involved in data control need to pass assessments related to the legal use of data. 
  • Penalties and fines in cases of data breaches: The value of fines can reach up to 50 million RMB (Yuan Renminbi), the equivalent of 40 million reais or 7 million dollars, deduction of annual revenue percentage, or even termination of business.
  • Mandatory security controls: The processing of personally identifiable, sensitive, or critical information must be subject to strict mandatory security controls and personnel responsible for handling it must receive appropriate training. 
  • Mandatory location of data: The processing of personally identifiable information is limited to the boundaries defined by the China Cybersecurity Administration – CAC. If a company exceeds these limits, it must provide the location of this data.

Key Points of the Chinese Law

The law sets requirements and regulations for the lawful handling of personally identifiable information, that is, information that in some way identifies the user in electronic media, including critical state security information and sensitive information involving religion, beliefs, ethnicities, financial information, user tracking, and others.

Thus, some key points can be highlighted that must be observed by companies in operations that deal with information of this nature.

User Consent

Before any operation with personal data, companies or interested parties must request the consent of the users, who must be explicitly notified about any matter related to the processing of their data, including the identity and contact information of those responsible for handling it. (Article 24)

Organizational Management 

Those responsible for handling the data must adopt security measures that ensure protection against intrusion, leaks, or theft during data collection, distribution, and processing. Some of these measures involve data encryption and proper training of those responsible for operations and/or overseeing operations. (Articles 50, 51, 52)

Individuals’ Rights

Users must have the right to access their own data, being able to modify them, delete them, decide when their information can or cannot be processed, or request an explanation about the processing. (Articles 44, 45, 46, and 48)

Data Transfer Borders

The transfer of data outside China can only be done with the explicit consent of the subjects, who must be notified when their information is transferred outside Chinese territory. When processing crosses borders, an organization undergoes a security assessment, which must be approved to proceed with operations. (Articles 39 and 40)

Data Location

When organizations reach the limit of data volume defined by CAC, they must maintain the storage of the information already collected and generated on the premises of the Chinese territory. (Article 40)

What Can We Expect as Next Steps?

The approval of the Law affected various sectors of the economy and raised concerns for Chinese companies and European multinationals, especially the ‘Big Techs’. In this sense, companies that deal with the distribution, collection, and processing of data, as well as the development of software and related activities must work ethically and morally, paying attention to all the requirements established by the law, if they want to ensure the smooth running of their business and a good reputation.

Understand the Cyberattack that Affected Kaseya

On July 2, a Russian group of hackers exploited a flaw in the Kaseya company’s management software, affecting its systems and causing problems for it and its customers.

The massive cyberattack affected around 1,500 businesses in 17 countries. The attackers promised to return access to the data in exchange for 70 million dollars, equivalent to 364 million reais.

Hackers promised to release a decryptor so that all files could be recovered in at least an hour after paying the ransom.

Known as “REvil”, the organization claimed responsibility for the virtual attack on Kaseya. It was also responsible for the invasion that halted production at JBS, the world’s largest meat processor, in June this year.

Domino Effect

Headquartered in Florida, United States, Kaseya is responsible for the remote monitoring and management program used by more than 40,000 companies. Of these, only 60 were directly affected by the cyberattack.

However, as many of Kaseya’s customers provide services for other businesses, the systems are interconnected in a network.

This connection resulted in a domino effect, as the installed malware quickly spread and encrypted the files it found along the way.

The supermarket chain Coop, in Sweden, had to suspend the operation of its stores because it was unable to use the cash register system, which was managed by one of Kaseya’s client companies.

How Did the Invasion Take Place?

The malware used was ransomware, which encrypts computer files. Access is restored only upon payment of a ransom to the hacker; in other words, it is like a data hijacking in the digital world.

In this type of cyberattack, ransomware infiltrates frequently used software and spreads as systems are updated.

Encryption is the practice of encoding data, causing it to no longer have the original format and, therefore, no longer be readable by its owners.

Files can only be decrypted and returned to their original format through the use of a specific decryption key. It is for this key that Russian hackers ask for the ransom, as without it the data becomes useless.

Measures

This can be considered the biggest cyber-attack with ransomware of all time, as it reached a proportion never seen before in similar cases.

Kaseya asked customers using its system administration platform, VSA, to immediately shut down their servers to try to prevent the possibility of their information being captured by the cyberattack.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), among other US officials, assisted in the investigations.

US President Joe Biden has warned Russian leader Vladimir Putin to take action against hackers who have been operating in Russia for a long time.

On July 12th, Kaseya reported that it had fully recovered the servers. These attacks are an increasingly profitable way to take hostages in the virtual universe.

How Does the Russian Group Operate?

REvil, also called Sodinokibi, is one of the best-known hacker gangs today. It operates with dozens of individuals in a “professional” regime with the division of tasks.

While one part of the group invades the systems, the other is responsible for constantly maintaining the ransomware, managing the group’s financials, and negotiating the rescue of the data with the victims.

The hackers run the attack in double extortion mode: they take control of the network, extract important and sensitive data, and then activate ransomware that encrypts the victims’ data.

Then, they ask for a ransom in cash or bitcoins so that they return control of the data and do not disclose the information obtained illegally.

The group exploited a series of “zero-days” in the product that allowed it to bypass authentication, upload arbitrary files, and install pirated software.

With this, they can use a series of tactics and tools to move around the network and have access to all the files that are present.

A tool from Kaseya itself may have been used to take control of the system and activate the malicious software, as it has high-level access privileges on the machines and passes through antivirus as authorized software.

The exact method used by the group is still unknown; however, the flaws in the American company’s protection of its systems became clear.

 

Main Cybersecurity Challenges for Brazilian Companies

Information security is very important to companies, so investing in cybersecurity must always be considered a priority. However, Brazilian companies still face several challenges in this sector. Do you know what the main cybersecurity challenges are for Brazilian companies?

With this article, you will understand the aspects that Brazilian companies face regarding cybersecurity, especially nowadays with the increase in remote work.

What is Cybersecurity?

Cybersecurity is a tactic to protect against threats and attacks on computer networks, servers, and company databases and information.

With the increasingly frequent use of digital media within organizations, regardless of their size, information has great weight and value within the market, so it can be seen as a currency of exchange and negotiation.

From this perspective, performing this protection is essential and can guarantee a company’s position in the market and prevent the occurrence of serious security incidents, such as data leaks and theft, which can be devastating for the business.

That is why companies invest in cybersecurity so that they have systems to protect their entire digital structure, servers, equipment, and accesses.

Thus, the intention is to allow access only to authorized people, prevent attacks and data modification, and other actions that can be performed by criminals who work in this environment.

This need is growing because just as technology undergoes updates that help companies improve their security systems, the contrary also happens.

That said, in Brazil, there are still several challenges to be faced in relation to this issue. In fact, in 2019, the country was the fourth most attacked by criminals who work in data theft – mainly financial data – according to research by Kaspersky.

As a consequence, there is a need to overcome obstacles to achieve a better level of cybersecurity. Check some of these main obstacles below.

Lack of Full-time Monitoring

One of the main challenges observed when it comes to cybersecurity failures is that many Brazilian companies are exposed to attacks depending on the time and day.

The ideal, in turn, is for companies to have teams prepared to detect when cyberattacks occur, including at night, on weekends, and holidays.

Lack of Employee Training

Another challenge to be faced is the lack of preparation of company employees. There is a need for constant training and updates for employees, as often the infrastructure is susceptible or is under attack and employees do not have the necessary knowledge to identify it.

With this, something subtle that could be identified in the first moments of data invasion ends up going unnoticed, which allows the attacks to continue and the failures in the system and the team to be leveraged to damage the company.

Home Office Cybersecurity

Home office work is also among the challenges that Brazilian companies face regarding cybersecurity. This working model is increasingly used by companies from all industries and the trend may be that it will continue to grow, as it can reduce costs and be very advantageous in several aspects. However, in terms of information security, employees working in home office mode make the company’s systems and data more vulnerable and susceptible to attacks.

This is because employees often use personal computers without proper protection, which can bring considerable risks to the company’s system.

So, there is a need for investment and overcoming this obstacle so that companies are prepared and have a high level of cybersecurity, even when the work is performed outside the company’s premises.

When all the obstacles are brought together, along with many others not covered in this article, the result is a high-risk exposure to companies, which can have serious consequences.

That’s because all types of transactions are currently done digitally, with data storage for customers, service providers, employees, company data, and even financial data.

Thus, when this information is vulnerable within a company, without constant supervision and without improving existing protection systems, the chances of attacks are great.

Consequently, cybersecurity in Brazilian companies must undergo a revolution in many terms. Moreover, systems that are already in use should always be updated as threats emerge daily.

Only then, with constant vigilance and using all available resources to create strong and efficient strategies, information can be protected and better handled in companies.

Until that happens, it is important to increase vigilance and perform constant checks. That is also true because, depending on the level and size of the company, the target of attacks can be even greater, with equally greater consequences.

And not only that, but companies have a legal obligation to efficiently protect customer data and information. Leaks can be catastrophic and create a network of uncertainties for customers, making the development and maintenance of the company suffer.

In conclusion, cybersecurity is a sector that still has many significant gaps in Brazilian companies which must be closed so that the level of information security reaches an efficient and more satisfactory level, offering fewer risks to everyone, both to the company and those who trust it with their data.

The Benefits of Using Cloud Computing

Cloud computing has been around for some time, and while data points to the efficiency, cost-effectiveness, and competitive advantages it has, a large part of the business community continues to operate without it. 

According to a study by the International Data Group, 69% of companies are already using cloud technology in some way and 18% say they plan to implement cloud computing solutions at some point. 

Dell, meanwhile, reports that companies investing in big data, cloud, mobility, and security enjoy revenue growth up to 53 percent faster than their competitors. 

As this data shows, a growing number of technology-savvy companies and industry leaders are recognizing the many benefits of the cloud computing trend. 

Thinking about it, we brought some relevant information for appropriate knowledge of the subject. Keep reading and find out what the main benefits involving the use of Cloud Computing are for your business.

What is Cloud Computing?

Cloud computing is an Internet-based computing solution. In the past, people ran applications or downloaded software programs on a physical computer or a local server. Cloud computing allows people to access the same types of applications remotely.

This technology is based on the premise that the main computing takes place on a machine, often remote, that is not the one currently being used. The data collected during this process is stored and processed by remote servers (also called cloud servers).

By hosting software, platforms, and databases remotely, cloud servers free up the memory and potential of individual computers. Thus, users can securely access cloud services with the credentials received from the provider, for example.

What Are the Main Benefits of Cloud Computing?

Here is a list of the key benefits a company can achieve by adopting cloud infrastructure.

Speed

The ability to launch new cloud computing instances in a matter of seconds has reshaped the agility and speed of software development. Developers can easily test new ideas and design architectures without the need to rely on on-premise hardware limitations or bureaucratic acquisition processes.

Security

One of the biggest concerns for all companies, regardless of their size and industry, is the security of their data. Data breaches and other cybercrimes can devastate a company’s revenue, customer loyalty, and brand positioning.

The cloud offers many advanced security features that ensure data is stored and handled securely. Features such as granular permissions and access management through certain roles can restrict access to sensitive data to only those employees who need to access it, thus reducing the attack surface for malicious actors.

However, cloud storage providers implement basic protections for their platforms and the data they process, such as authentication, access control, and encryption. From there, it is up to companies to complement these protections with their own security measures in order to strengthen the protection of data and restrict access to confidential information in the cloud.

Real-time Collaboration

Cloud environments allow for better collaboration between teams: developers, QA, operations, security, and product architects are all exposed to the same infrastructure and can operate simultaneously without stepping on each other’s toes. 

Cloud roles and permissions help improve visibility and monitoring of who did what and when to avoid conflicts and confusion. Different environments can be built for specific purposes, such as testing, quality assurance, demonstration, or pre-production. 

Data Backup and Recovery

The fact that data can be stored in the cloud without major capacity constraints also helps with backup and recovery purposes. 

As end-user data changes over time and needs to be tracked for regulatory or compliance reasons, older versions of the software can be stored for later stages in cases where it would be needed for recovery or rollback.

Permission Control

Having control over sensitive data is vital to any business. You never know what can happen if a document falls into the wrong hands, even if it is just the hands of an untrained employee.

The cloud allows full visibility and control over your data. You can easily decide which users have which level of access to which data. This gives you control and streamlines your work, as the team will easily know which documents are assigned to them. 

Furthermore, it will increase and facilitate collaboration. Since a version of the document can be worked on by different people, there is no need to have copies of the same document in circulation.

Competitive Advantage

Not all companies will move to the cloud, at least for now. However, organizations that embrace the cloud find that the many benefits it offers positively impact their business.

The adoption of this mechanism increases every year as companies realize it gives them access to world-class enterprise technology.

By using a cloud-based solution, a company can avoid many issues that affect organizations that rely on on-premises infrastructure.

The Biggest Cyberattacks of Recent Years

We all know that cyber vulnerabilities are not a current issue. However, with the evolution of technology and virtualization growing in all areas of society, cybercrime becomes more and more frequent, creating a critical problem that deserves a lot of attention from the digital security industry. 

One of the biggest challenges is to keep up with the evolution of these crimes, because as technology advances, crimes become increasingly strategic and sophisticated, requiring even more technological advances and security efforts, in addition to repeating a cycle that is difficult to prevent.

In recent years, especially during the coronavirus pandemic, in which most companies are adopting new work alternatives, migrating to digital environments, the role of criminals has been strengthened. 

According to data from FortiGuard Labs, the year 2020 had 41 billion attempts of cyberattacks in Latin America. The good news is that while these attempts are taking place, the cybersecurity industry has also worked hard and strengthened itself to ensure as much security as possible for digital media and to weaken this cycle of attacks.

To get a sense of this problem’s scale and the lessons we can pass on to those who want to strengthen the security of their information, we have listed the 5 biggest cyberattacks in recent years. Check it out below.

SolarWinds: The Biggest and Most Sophisticated Attack in History

In 2020, SolarWinds, an information infrastructure company, suffered what can be considered, according to Microsoft’s President Brad Smith, as “the biggest and most sophisticated attack the world has ever seen”. This is because several tactics and techniques of cyber invasion and espionage were employed.

Hackers inserted malicious software into an update of SolarWinds’ monitoring software that was sent to up to 18,000 customers. These include Microsoft companies and the US Departments of Energy, Justice, and Nuclear Safety. But it was FireEye, one of SolarWinds’ client companies, that was the first victim to identify the attack.

In the Microsoft attack alone, according to its president, at least a thousand engineers took part. Ongoing investigations indicate that the operation is very complex and surprising even for specialists, as it combines very advanced and stealthy techniques, which have bypassed the radar of the most experienced security specialists. This made everyone apprehensive about a critical vulnerability in the technology infrastructure.

Colossal DDoS Attack Against Dyn

Dyn, an American DNS (Domain Name System) services company, suffered a DDoS attack, which, in general, is a type of attack that floods a given server with data traffic and overloads it, making it unavailable to users.

In 2016, this attack caused a system crash for all the company’s customers, which included online newspapers and magazines from the United States and other large companies, among them: Amazon, Netflix, PayPal, Spotify, Tumblr, Twitter, GitHub, Xbox Live, and PlayStation Network.

It was an event known as “The American Internet Blackout”, one of the biggest DDoS attacks in recent times.

ASUS Automatic Updates

One of the largest laptop manufacturers in the world, ASUS, was the target of a hacker attack in 2018, with an automatic software update that infected nearly 1 million users worldwide. 

The attack targeted 600 computers, but the malware spread and reached more users. Because the attackers used the company’s legitimate security certificate during the action, it was almost impossible for the update to raise suspicion.

This type of crime can increase users’ distrust and lead them to avoid machine upgrades, which can raise the level of vulnerabilities and cause even bigger problems. 

STJ: Great Cyberattack in Brazil

Brazil is one of the countries with the highest number of users connected to the Internet, and according to the Internet Security Threat Report, released in 2019, the country occupies third place in the ranking of cyberattack attempts, fourth in bot attacks, and seventh in crypto-jacking.

As might be expected, government agencies are not exempt from vulnerability to cybercrime. In Brazil, the biggest data attack involved the STJ (Supreme Court of Justice), the target of a ransomware attack that invaded more than 1,200 servers of the institution and destroyed the backups on the machines.

Commenting on the scale of this attack, Marta Schuh, Director of Cyber Insurance at the international broker Marsh, stated: “It was like the STJ databases could be placed inside an incinerator.” As expected, the criminals offered to ransom the information in exchange for a sum of money.

A Leak of Sensitive Data from Over 100 Million Americans

Paige A. Thompson, a former Amazon employee, was responsible for hacking the database of Capital One, a US financial institution, compromising the data of more than 100 million Americans and 6 million Canadians by obtaining access to personal data from credit card applications.

Although, as Capital One claimed, the affected information does not contain the users’ credit card numbers, the damage will cost the institution around $150 million to boost its digital security.

Other Relevant Data on Cybersecurity in 2020

  • 60% of users say they are poorly informed about cybersecurity. (ESET Survey)
  • Lack of backup is the main cause of loss of money for 3 out of 4 users. (ESET Survey)
  • Of the top causes for data leaks, 16% are exploiting third-party software vulnerabilities, 19% are cloud-server misconfiguration procedures and login data breaches, and 14% involve phishing activities. (IBM)
  • 52% of data leaks were due to malicious attacks and 23% to human error. (IBM)
  • Only 61% of users believe that some of their passwords are secure. (ESET Survey)
  • The most used password in 2020 was “123456”, accounting for two and a half million users. (NordPass)
  • 40% of consumers worldwide use between one and three financial applications, but only half have security software installed on their devices. (ESET Survey)
  • Reports of cyberattacks grew 400% during the pandemic. (FBI)
  • DDoS attacks increased 151% in the first half of 2020. (Neustar)

What Can We Expect from the Future?

The trend for the future is to have more devices and users connected to the Internet around the world, which could further increase the number of cyberattacks and attempts. On the other hand, living in a non-digital world has become increasingly difficult and outdated, even for simple everyday tasks.

Therefore, more than ever, digital security must be a concern for companies and governments, which must continue to invest heavily in the prevention and control of threats, and for users, who must always keep up-to-date on the best ways to protect their data and what legal protection they can receive in cases of attack.

If you are interested in the subject, we also invite you to read the next article: After All, How to Act in Case of Data Invasion and Theft?

____________________

References to mentioned research:


https://www.bhs.com.br/2019/07/22/grandes-crimes-ciberneticos/

https://noticias.r7.com/distrito-federal/jornal-de-brasilia/mp-no-df-abre-inquerito-para-apurar-vazamento-de-dados-de-clientes-do-banco-pan-04092019

https://olhardigital.com.br/2021/02/15/noticias/solarwinds-ataque-foi-o-maior-e-mais-sofisticado-que-o-mundo-ja-viu/

https://veja.abril.com.br/blog/radar-economico/brasil-sofre-seu-maior-ataque-hacker-da-historia/

https://olhardigital.com.br/2019/07/31/seguranca/hacker-vazou-dados-sensiveis-de-mais-de-100-milhoes-de-americanos/

https://canaltech.com.br/video/top-tech/7-ataques-hacker-que-entraram-para-a-historia-top-tech-10404/

https://olhardigital.com.br/2020/12/31/retrospectiva-2020/retrospectiva-2020-relembre-os-piores-ataques-ciberneticos/

https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Security_Report_2020_BR-1.pdf

https://thehill.com/policy/cybersecurity/493198-fbi-sees-spike-in-cyber-crime-reports-during-coronavirus-pandemic

 


Digital Sovereignty: The Precepts of Senhasegura According to an American Periodical


Nomenclatures and acronyms are part of the routine of those who work in the technology area. Picture a physical archive room, the kind we see in movies and series set in hospitals or police departments, separated by a bookcase full of folders: when we get to the Privileged Access Management sector (or PAM, and there is one of those acronyms), we come across a file full of names and features that help us protect critical systems.

Under the theme “A meeting between security and efficiency”, the North American magazine Cybersecurity Review published an article on the premises and services of senhasegura’s PAM in its most recent edition. The article explains some of the names and purposes of the mechanisms that make up the product, gives a brief account of the company’s history, and ends with a success story. Throughout, the goal of the article is to bring to light senhasegura’s mission to work on digital sovereignty and to defend the right to data protection of citizens and organizations, whether public or private, small or large, wherever they are.

Browsing Is a Must

Companies that were not born in the virtual environment need to migrate to this space for reasons of adaptation, brand positioning, maintenance of activities, and relationships with customers. According to a study performed by Statista (a German market data research company) and published on Cuponation’s website, 4.66 billion people became active internet users in the first half of this year alone, which corresponds to 59.5% of the world population. With so many people consuming behind the screens, modern cybersecurity solutions, as is the case with PAM, are the walls of the corporate networks for those who provide services or leisure.

 

This is what Cybersecurity Review says:

“In the ever-evolving digital landscape, cybersecurity is NOT a project anymore. In the wake of the changing digital trends and technological advancements, it is of survival for any company. The increasing cyber threats and other illicit activities make identity and access management (PAM) a crucial part of any business. The recent shift to remote work culture and increasing dependence on digital files made Privileged Access Management a focal point of every organization’s security model.

 Ineffective management of privileged access allows malicious agents to access a company’s critical information and exploit the same, threatening data privacy and aggravating security concerns. Traditional preventative cybersecurity approaches are no longer enough to withstand the rising tide of the cyber threat landscape. To deal with the current and emerging cyber threats, companies require next-generation solutions and defense capabilities, and São Paulo-based senhasegura is the one company excelling in addressing security challenges of organizations”.

Do you want to read the full article? Access the digital version of the magazine: CYBERSECURITY REVIEW – AUGUST 2021.

 
