It is believed that, in 2023, everyone is aware of the importance of investing in cybersecurity in order to maintain the protection and confidentiality of information, especially in the business environment. This is because, alongside technological advancements, increasingly efficient strategies have emerged for diverting confidential data and causing problems through malicious applications.
Each passing year, the losses caused by cybercriminals reach gigantic figures, hindering business operations and even forcing companies to shut down. According to information from Cybersecurity Ventures , there is an estimated eight trillion dollars in losses this year alone, making cybercrime one of the world's largest economies.
Regarding the gains obtained with this type of strategy, there is an expected growth of 15% per year until 2025. This is causing companies to invest more and more in cybersecurity.
For this reason, it is necessary to adopt strategies for recognizing digital vulnerabilities in order to protect information . One of the biggest drivers for the growth of cybersecurity strategies is the increasing use of cloud computing, considering that it is a technology that adds a lot of practicality and allows for more efficient and complete information exchange.
The advancement of artificial intelligence has also highlighted the need to adopt tools focused on protecting information. The General Data Protection Law , recently implemented, establishes in its articles protocols and basic requirements for companies to guarantee the confidentiality of the information handled and stored. Failure to comply with this law can cause numerous losses for businesses.
Gain a better understanding of how the LGPD (Brazilian General Data Protection Law) can impact your organization:
Data Security
Continuing with what is established by the General Data Protection Law , we need to understand that protecting the information collected, handled, and stored by a company must be a priority for the business . This legislation's main objective is to guarantee that the collected data remains confidential to protect its owners and to prevent its illegal use.
In Brazil, data breaches are one of the main problems affecting companies of all sizes and sectors , ranking third as the country most affected by a major data breach that hit the Chat GPT platform.
Check out the top news stories in 2023 about data security:
The GPT Chat Leak | Olhar Digital
GPT chat is a platform from OpenAI that has gained a lot of popularity in recent months. Users from all over the world have been using this platform to develop projects and even for entertainment . The big problem is that many of these users do not recognize the risk of entering personal information and end up contributing to data breaches.
Recently, this platform suffered a major data breach, putting the information of thousands of registered Brazilian users at risk and causing numerous losses. The information from these compromised accounts was exposed on the dark web , calling into question the confidentiality and reliability of the artificial intelligence platform.
Among the countries most affected by this leak, India, Pakistan, and Brazil are at the top of the list. These numbers demonstrate how Brazilian users are neglecting certain precautions to protect their personal data . This is because the data breach was not caused by a security flaw in the platform, but rather by security problems directly located on the devices of the affected users, such as the Racoon virus .
Crisis in the Ethereum blockchain | Exame
Vitalik Buterin's (Ethereum blockchain developer) personal X (formerly Twitter) account was recently hacked, and cybercriminals used the access to perpetrate a scam. By falsely claiming to be offering a cryptocurrency giveaway, these cybercriminals victimized hundreds of users and caused losses of US$800,000.
The false publication was made available on the 9th of this month on Vitalik Buterin's personal account, announcing the launch of NFTs (Non-Fungible Tokens), accompanied by an access link. This link requested registration, and users provided various personal information, including digital wallet details.
With this information in hand, cybercriminals diverted thousands of crypto assets and caused significant losses for users. Account access has since been restored, but the damage caused was enormous.
Cryptocurrency theft in North Korea | Exame
In 2023 alone (with consolidated data from January to August), North Korean cybercriminals have already diverted US$200 million in assets. To do this, these hackers use various strategies, covering their tracks and preventing the recovery of these cryptocurrencies.
Once they manage to divert these funds, these assets go through a conversion process into fiat currency, where the responsible authorities are unable to exercise more assertive control.
The company Atomic Wallet suffered a cryptocurrency theft in June 2023 , incurring a massive loss of US$100 million. The scam was linked to the Lazarus cybercriminal group, which has been carrying out numerous similar scams in North Korea.
Network security
When discussing internet use by businesses, network security is one of the most important aspects to consider. All confidential and vital information for business continuity circulates through the corporate network. Therefore, it becomes necessary to adopt strategies to ensure that this data remains confidential during the exchange of information by employees.
It is very important for companies to adopt tools and resources that help keep network traffic more secure and prevent problems and information leaks. Many cyber threats end up reaching companies through network vulnerabilities. In this sense, having resources that help filter this traffic is fundamental to avoiding the main problems and cyber threats that can affect a business's network.
Considering that a large portion of cyber problems that cause losses to organizations can arise through failures in the company's network, as is the case with some cyber threats that we will mention below.
Check out the top network security news for 2023:
CoinEx Hack | Your Money
The well-known cryptocurrency exchange CoinEx suffered a network breach this week that resulted in numerous unauthorized transactions. With no record or traceability, these cryptocurrency transactions caused significant losses.
Although the company has not provided further details, these transactions point to a possible cyberattack, and more information from the company is needed. These illegal transfers have resulted in losses of US$27 million.
Although a cyberattack by CoinEx has not yet been confirmed, the security platform Cyvers Alert issued an alert about the incident. Using X (formerly Twitter), the company reported the suspicious transactions suffered by CoinEx as a possible cyberattack.
Central Bank data leak | Agência Brasil
The Central Bank reported the leak of 238 Pix keys belonging to Phi Pagamentos customers in 2023 , one of the largest leaks since the launch of this transaction system (Pix). This leak occurred due to flaws in the institution's systems.
Following the incident, the Central Bank reported that greater damage was avoided due to the various network monitoring mechanisms used by the system, preventing a larger impact. Currently, this system has more than 630 million keys duly registered on the platform, and a larger leak could cause irreparable damage.
The leak was limited to key data, without exposing the banking information of the affected customers. Although it was a low-impact network security issue, the disclosure was made in the interest of transparent communication with consumers.
Facebook data leak | Suno
Although the Facebook data breach is not a recent phenomenon, this year the courts ordered the company to compensate users whose information was exposed . The company was ordered to pay R$ 5,000 each to users who can prove the damages and file a lawsuit.
The lawsuit filed by the Instituto Defesa Coletiva targets the leaks that occurred in 2018 and 2019, which resulted in the disclosure of data from more than 540 million users. This information was made available on the internet and the Deep Web.
Cyber threats
Along with the approaches we mentioned earlier, other cyber threats have also emerged that have impacted the services of companies across all sectors. Check out the top news stories about cyber threats in 2023:
Phishing Attacks | Security Report
Phishing attacks remain one of the most common approaches used by cybercriminals to collect personal data and facilitate other scams. These criminals typically use email services and other messaging platforms to send malicious links and trick users into providing personal or confidential information to them.
One of the most imitated companies for phishing scams was Microsoft. According to data from Check Point Software's Brand Phishing Report , it was responsible for approximately 29% of all phishing attempts using a brand.
Another commonly used approach is ransomware attacks, which often victimize companies and organizations of all types around the world. According to a cybersecurity report released by Check Point Research , there has been an intensification of ransomware attacks targeting corporate software.
Compared to the first half of 2022, there was a 20% increase in the number of victims of ransomware attacks , with Brazil registering 1,595 such attacks during the period studied.
Malware for diverting Pix payments | Exame
Pix is one of the most widely used banking transactions today, used by thousands of Brazilians . Targeting the amounts of money transferred through this type of operation, cybercriminals have been developing strategies to obtain this money illegally.
For this reason, numerous viruses and malware have emerged that were developed to intercept the values that pass through this transaction . In most cases, these illegal platforms are designed to operate on Android devices.
The main programs used by criminals to carry out these scams are:
- PixStealer;
- PixBankBot;
- BrazKing;
- BrasDex;
- PixPirate;
- GoatRAT.
DDoS attack | Cloudflare
DDoS attacks can cause real disruption to organizations that rely on their digital resources to maintain business continuity. The main objective of this type of cyberattack is to hinder legitimate users' access to a company's services or websites.
With the help of previously infected zombie computers, cybercriminals send an absurd number of requests to the page in question, causing a large volume of traffic. In this way, the attack ends up preventing real users from accessing this content or service.
Depending on the size of the attack, the company's services may be unavailable for days or weeks, resulting in immense financial losses for the business . In 2023, there were multiple DDoS attacks, mainly due to the conflict between Russia and Ukraine.
Data from the 2023 DDoS Threat Report demonstrated a substantial increase in DDoS attacks in the second quarter of 2023, primarily due to the Ukraine-Russia conflict.
There were also a large number of attacks against cryptocurrency companies, disrupting transactions and causing significant losses.
Relevant articles on cybersecurity in 2023
To help you stay even more informed about cybersecurity, we've compiled a list of some very interesting articles that provide relevant information on this topic.
Top 10 data security breaches in 2023
This informative article compiles the 10 biggest data security breaches that occurred worldwide in the first half of 2023. Considering that cyberattacks can victimize not only large corporations but also smaller businesses, it is impossible to predetermine a target group that might suffer from this type of threat.
Among the major attacks that affected the world this year, we can mention the ransomware attack suffered by Ferrari, the large data breach of the GPT chat platform , and the leak of confidential documents from PwC.
Network security: the secret to MSP productivity
The growth of IT service outsourcing has placed MSPs in a highly competitive and exponentially growing environment. To stand out in the market, these companies need resources and tools that help ensure greater productivity and achieve a competitive edge.
Network security is fundamental for MSPs to provide secure and efficient services and ensure their customers get the most out of the tools offered. For this reason, it's necessary to have the right resources to deliver the expected results and prevent customers from suffering from any type of cyber threat.
To help your company prepare in the best way possible, this article offers very valuable tips. With the help of these recommendations, your MSP can grow substantially.
Digital security and DNS: protection against cyber threats
Through DNS, it is possible to convert IP numbers into website addresses, facilitating navigation and access for all users to developed pages. Without this technology, it would be much more difficult to locate pages on the internet, since users would need to provide the IP number related to that access.
Domain names facilitate this process and ensure that specific tools are developed for filtering access and protecting corporate networks and devices.
In this exclusive article from Lumiun, we discuss the topic, bringing you everything you need to know about DNS filtering and the benefits this feature can bring to your business. In addition to providing greater cybersecurity for stored information, it also directly contributes to increased employee productivity.
Recommended articles on cybersecurity
We've also included some very interesting articles to enrich your knowledge of cybersecurity; see below.
How to identify if you are on a hacked website | Kaspersky
Identifying whether a website is secure is fundamental to ensuring data privacy. This article provides essential tips to prevent your information from being exposed to cybercriminals.
Some signs that can be found on this type of page can help you determine if the content is safe for your data. With more and more phishing strategies that can be implemented on the internet, it is necessary to maintain a preventive approach to avoid the problems caused by this type of scam.
The problems caused by cyber threats and traps can lead to your company suffering from service downtime and decreased revenue. For this reason, it is necessary to have strategies in place to identify potentially malicious websites.
5 cybercrime trends that demand attention | WeLiveSecurity
Every day, cybercriminals look for ways to cause problems and steal information illegitimately. Along with technological advancements, malicious software has also been developed to carry out extremely damaging cyberattacks.
This article highlights drastically impact security
An important piece of information is that the leakage and theft of information is a strategy used by cybercriminals to finance fraud and scams . Cybercriminals use this information to develop traps and cause significant financial losses.
It is of utmost importance to stay informed about the main threats in order to avoid losses caused by cybercriminals.
8 steps to assess a company's cybersecurity risks | WeLiveSecurity
Knowing the state of cybersecurity within your company is fundamental to establishing solutions and protocols that help keep the business protected. To determine the real security needs , it is very important to identify potential vulnerabilities.
Does this mean your company isn't secure? Actually, with technological advancements, so too have the strategies used by cybercriminals to steal information and cause problems for businesses.
For this reason, it is necessary to remain attentive to any security needs that your company may have. Based on the identification of these vulnerabilities, it is possible to implement changes and improvements in your business's cybersecurity strategy.
