KPMG: More than half of companies reported data hijacking attack
A report produced by KPMG points out that, in the last year alone, more than half (51%) of the companies surveyed reported ransomware threats. Ransomware is a program created to block access to a computer system until a cash amount is paid as a ransom, usually using bitcoin virtual currency. In addition, there was a 100% increase in the average number of payment requests of this type in the same period, compared to 2019. The publication “The new model of ransomware” (The changing shape of ransomware, in English) analyzed the change in behavior of this type of attack, examined factors of concern for companies, and identified proactive and reactive measures to be taken to combat this type of threat.
The study indicated that the massive use of remote communication tools, mainly due to social isolation and the expansion of teleworking, has transformed the global landscape and increased the risks of cyber attacks. According to the survey, 29% of cyber attacks occur via email and another 21% via remote access. Of this total, 41% of reported offenses were linked to malicious software accounts.
“The expansion of remote work has increased the concerns of companies. The unexpected extension of corporate networks to the homes of employees and the intense traffic of data created a fertile ground for virtual attacks of all types”, analyzes the cybersecurity partner at KPMG, Edson Honda.
The report also highlights the importance of preventing such incidents, as the average global cost to remedy a ransomware attack is around one million dollars. Another important point highlighted by the study is that, when such offensives are successful, the company has to bear tangible costs (such as lost revenue while the systems are inoperative, remediation costs, indemnification or customer litigation) and intangible costs. The latter are more difficult to measure, but are mainly related to the loss of reputation.
According to the research, many attacks stemmed from vulnerabilities present in the systems, but simple preventive actions can reduce the chances of an incident. The document also points out the main steps to curb attacks, such as: evaluating basic information, promoting employee training, evaluating remote work, maintaining backup copies and carrying out, with the team, exercises to simulate responses to threats.
“At a time when many cannot afford to suffer business disruptions, we see cybersecurity threats growing. With remote work set to continue, it is even more fundamental for organizations to protect themselves and protect employees and customers from attacks,” sums up the partner.
KPMG: Digitization Demands a New Approach to Addressing the Cyber Threat
Organizations around the world made strides in remote work and collaboration during the covid-19 pandemic, but the proliferation of digitization is creating major cyber threats that require radical cultural shifts at the Council level. KPMG's report “From Executor to Influencer: Shaping the Security Team of the Future” suggests that business leaders ensure that cybersecurity experts are part of senior executives' decision-making process, with digitization at the heart of security strategies for future growth. Actions were developed after extensive dialogue with senior cybersecurity leaders around the world who identified universal opportunities and challenges facing information and digital technology roles in leading companies.
The report offers seven key recommendations to information technology leaders and directors of information security:
1. Act as if you belong to the highest level - Directors of information security must speak the language of senior executives, gaining consensus, demonstrating pragmatism and navigating through politics to help leaders understand the cyber implications of strategic choices.
2. Broaden your horizons - Information security directors' responsibility is increasing to include data protection, addressing disruptive events to maintain operational resilience, third-party management, managing regulatory compliance, and helping to combat financial crimes enabled by the cyber environment. This requires them to establish strong working relationships with other business leaders, including risk, data and technology.
3. Include Cybersecurity in Organizational DNA - Today's information security directors must be sophisticated communicators, working with other business leaders to embed cybersecurity into the organization's DNA. This involves integrating security into governance and management processes, education and awareness, and establishing the right mix of corporate and personal incentives to do the right thing.
4. Shape the Future Cyber Security Workforce - Information security directors will need to acquire skills from outside the organization, establish new partnerships, and seek out diverse and unconventional talent. In the future, we may even see the cyber function becoming much smaller, taking on a strategic and governance role, with cyber security truly embedded in the business.
5. Embrace automation as the rising star - Automation can reduce manual workload and decrease skills shortages, bringing greater efficiencies and helping to meet growing compliance requirements in a consistent and reproducible way. It can also help embed security and improve the user experience, and reduce response time to a major cyber incident.
6. Prepare for more disruptions - We are moving towards a hyperconnected world in which the Internet of Things and 5G will vastly increase efficiency and enable radically different business models. However, it also opens organizations to new attack surfaces and raises data privacy issues — requiring a shift to new data-centric security models.
7. Strengthen the cybersecurity ecosystem - Organizations today are part of a complex ecosystem of vendors and partners, united through shared data and services. Conventional contracts and accountability models seem inadequate to the rapidly evolving supply chain threat, requiring a new partnership approach that brings security to all parties and individuals.
“At the base of the recommendations is a recognition at the executive level that digital security experts should be key players in overall decision-making processes, guiding the future direction of the business, developing a robust digital infrastructure, embracing innovation and helping to identify potentially critical threats ahead,” says Leandro Augusto, lead cybersecurity partner at KPMG.