The creation of a national cybersecurity policy is a true milestone in the country's cyber security sector. Given the worrying increase in cyber attacks in Brazil, it was necessary to develop a specific security policy to keep companies and users away from cyber threats.
Over the years, more and more companies have been using technological resources to maintain their activities and ensure the constant availability of their resources has become a necessity. For this reason, cybersecurity has reached a level of priority between business , and more assertive and complete solutions are required to get a safer digital environment.
The new national cybersecurity policy developed by the federal government was published on December 26 and demonstrates how this sector has been gaining visibility. After the creation of the General Data Protection Law , the other needs focused on the digital environment was evident, it is necessary to develop specific policies to increase the security and protection of technological resources.
Digital Security in Brazil
Brazil suffers over 100 billion cyber attacks . These attacks, in addition to bringing unavailability of services and damaging the company's image, also generate an average loss that can reach US $ 4.45 million (22 million reais).
Some of these incidents, such as the cyber attack suffered by the SUS system , demonstrated the need to develop a national cybersecurity policy and a specific agency to deal with these incidents. With this, we can adopt a more proactive approach when dealing with cyber attacks .
This is because, for many years, strategy has always been correctively dealing, solving problems after they happen, without adopting measures aimed at preventing and containing damage. The new national cybersecurity policy came as a strategy to bring more prevention and preparation, in order to avoid cyber attacks and the damage caused by them.
The advance of digital transformation, which was already underway, gained a real stimulus during the recent Covid-19 pandemic. Many companies have had to adopt technological tools to ensure the execution of their tasks and the continuity of their business.
In addition, several public services also needed to go through a digitization process, making these tools essential always accessible in the digital environment. The result was the increase in need for more efficient protection tools, as the leakage of information can be an unprecedented damage.
The National Cyberrseness Policy - What can we learn from this new decree?
Because it is a new legislation , there are still many doubts about the objectives and the need to apply the National Cybersecurity Policy. To assist you, we have separated some relevant topics, see below:
What is Pciber?
The main function of the National Cybersecurity Policy (PNCIBER) is to bring guidance and basis to cyber security activities in Brazil. The decree responsible for instituting PNCIBER also instituted the National Cyberrsecurity Committee (Cnciber), a team responsible for proposing updates to the new policy, and its instruments (national strategy and national cybersecurity plan).
Who decreed?
Published in the Federal Official Gazette on December 27, 2023, the decree responsible for instituting the national cybersecurity policy was signed by the president . This decree instituted not only the national cybersecurity policy, but also the National Cybersecurity Committee, the National Strategy and the National Cyberrsecurity Plan.
Who will be responsible and how will the meetings happen?
The National Cyberrseness Committee will be composed of members of civil society, scientific institutions, government and business sector organizations . Members must meet every three months to propose updates of the National Cyberrseness Policy and define new cooperation strategies.
Through these measures, the goal is to increase the level of maturity in cybersecurity in the country, bringing more awareness and resilience to the cyber attacks that can occur and harm business and users.
It will also be the objective of this committee to foster technological development and scientific research activities related to cybersecurity . Through this it will be possible to provide an exchange and exchange of information related to digital security strategies between the government, private sector and members of society.
Check out the testimony of the director of the Cyber Security Department , Brigadier Luiz Fernando, about the new national cybersecurity policy:
What are the principles of PNCIBER?
The National Cybersecurity Policy was developed to fill gaps in the Digital Information and Safety Safety Strategy in Brazil. Accompanying worrying statistics regarding cyber attacks suffered annually across the country, this legislation was created to add even more knowledge and preparation for the digital security strategy.
Although technological tools have brought numerous benefits to society, Brazil presents a certain unpreparedness about the protection strategies used. For this reason, it is on the list of countries as one of the main targets of cyber attacks around the world.
This new policy was developed based on seven fundamental principles. They are:
According to Art. 2, they are Principles of Pciber:
I - national sovereignty and a prioritization of national interests
It is important to consider the great negative impact that cyber attacks can have on companies and organizations. The leakage of confidential information, for example, can be a true enemy of national sovereignty and harm even the country's economic and political strategy. Consider, for example, the impact that the leakage of tax data and strategic information can exert under government management.
II - the guarantee of fundamental rights, especially freedom of expression, personal data protection, protection of privacy and access to information
The privacy of information has been a agenda discussed for many years. The numerous damage caused by the leakage of confidential data have demonstrated the importance of developing strategies and policies aimed at protecting information, as was the case with the General Data Protection Law a few years ago.
III - the prevention of incidents and cyber attacks, in particular those directed to national critical infrastructures and essential services to society
As we said earlier, some cyber attacks were specifically directed to government agencies . For this reason it was necessary to establish a more assertive strategy to deal with this kind of threat and avoid problems that may be out of cyber attacks.
IV - the resilience of public and private organizations to incidents and cyber attacks
Seeking to abandon a resolute policy and adopt a more proactive and predictive approach to cyber threats, this policy can add more value and preparation for companies to deal with cyber threats of all kinds.
V - Education and technological development in cyber security
The more prepared the organization and its employees and users, the easier it will be to deal with and avoid cyber threats. The National Security Policy focuses on development and technological preparation seeking to deliver quality information and greater preparation to all involved. To increase security within companies and entities, it is essential to ensure greater awareness of cybersecurity between employees and users.
VI - cooperation between public and private bodies and entities in cyber security
Establishing a process of cooperation between government agencies, private sector companies and users and preventive cyber security strategy
VII - international technical cooperation in the area of cyber security
The United States Cyber and Infrastructure Security Agency (CISA) conducts constant research on cyber threats. Through an international collaboration process between agencies it is possible to establish more assertive guidelines for a more complete security strategy.
Thus, we can understand that the national cybersecurity policy was developed based on the guarantee of rights and prevention of cyber incidents in the country. Your text brings methodologies and strategies to ensure greater preparation in the face of digital threats that can cause huge business problems of all kinds.
What are the reasons for the national cybersecurity policy to have been created?
As we have seen throughout this material, the national cybersecurity policy was created to meet and fill some gaps related to digital protection in the country. In short, the national cybersecurity policy has as its main objectives:
- Invest and provide the development of services, products and technologies focused on the cybersecurity strategy ;
- Ensure confidentiality, integrity, authenticity and availability of solutions aimed at storing information;
- Provide the protection and integrity of stored data ;
- Provide a safer and more conscious performance of users in the digital environment, especially children, adolescents and the elderly;
- Combat and prevent cybercrime;
- Encourage adoption of a cyber protection -related preventive policy;
- Minimize the impacts of cyber attacks on their incidence;
- Foster investment in scientific research and technological innovations focused on safety;
- Invest in training and cyber education;
- Provide a more coordinated performance between the government, the private sector and the general society;
- Favor international collaboration for cyber security.
National cybersecurity policy in Brazil: practical applications
Now that we understand how the national cybersecurity policy has been designed and developed, it is easier to understand how it will be in practice in Brazil. Article 6 establishes as competences of CNCIBER (National Cyberrseness Committee):
I - propose updates to PNCIBER, the national cybersecurity strategy and the national cybersecurity plan
Updates can be developed according to the needs and new demands of the market. Considering that every day cybercriminals develop new strategies to circumvent the safety system, this constant update allows the National Cyberrseness Policy to be able to track the security needs of today.
II - evaluate and propose measures to increase cyber security in the country
Allied to the previous topic, the National Cybersecurity Committee may also formulate strategies and proposals to strengthen cybersecurity in the country, according to the needs and new technological demands that come to emerge.
III - formulate proposals for the improvement of prevention, detection, analysis and response to cyber incidents
Since it is also the responsibility of the new National Security Access Policy to ensure the development of new technologies and resources focused on cyber protection, it is also the responsibility of the National Cyberrsecurity Committee to provide improvements and formulate proposals to strengthen prevention, definition and response to cyber incidents.
IV - propose measures for the development of cyber security education education
In addition to promoting the development of new technologies, the National Cybersecurity Committee is also responsible for the proposal of new measures focused on digital security culture and cyber security and training. In this sense, the goal is to educate users to make more preparation regarding the digital threats present in this environment.
V - promote the dialogue with the federative entities and the cyber security society
The committee will also be responsible for promoting a continuous communication process between the Legislative, Executive and Judiciary powers, and society, as a way to strengthen and add even more value to the security strategies implemented.
VI - propose collaboration strategies for the development of international technical cooperation in cyber security
As we have seen earlier, Brazil is in a prominent position regarding the countries that suffer the most cyber attacks. The country's unpreparedness regarding security strategies can be fought with international collaboration for cyber security.
VII-express, at the request of the Mayor of Foreign Affairs and National Defense of the Council of Government, on matters related to cyber security
We know that cybersecurity problems can have a big impact on users' routine and safety. For this reason, it is also the responsibility of the National Cyberrseness Committee to speak up, when requested by the Mayor of Foreign Affairs and National Defense of the Government Council, regarding the cyber threat that is causing problems or may become dangerous to users and companies.
Digital security measures for your business
Although it is a widely discussed subject and has been the target of debates in recent years, cybersecurity is still neglected by companies from various sectors. Ideally, solutions should be taken to protect information and help employees understand the need to adopt safer behavior in the digital environment.
An example of this is in the improper accesses that are made in the workplace. This is because many of these pages hide digital traps that can cause unthinkable problems for your business, such as leakage of information and even damaging the devices. In this sense, it is essential to adopt efficient technologies that help block these threats and mitigate the damage caused by cyber attacks, such as Lumiun DNS and Lumiun Box .
How can a DNS solution help you?
The DNS -based solution consists of a security platform aimed at protecting the internet access. Without the need for hardware, this tool is complete and practical, with an affordable cost.
With the help of Lumiun DNS , your business will be able to apply web content filters and monitor access through artificial intelligence, allowing the addition of an extra protection layer to your business networks. Another great advantage is that this solution offers specialized customer support with analysts located in Brazil. Its low latency infrastructure with AnyCast technology allows optimized websites filtering and higher results.
Access block for harmful pages
Blocking access to certain content is a strategy that can help keep your company's devices and networks away from cyber attacks. Many of the accesses made during working hours can expose the confidential information of your business and cause various problems , such as contamination of devices, unavailability of services and loss of the company's image before the market and consumers.
Lumiun Lumiun Box is a cloud -based safety tool that uses Firewall and Business VPN to provide more security and internet access control. With the help of this tool, you will be able to increase the safety of the network and the productivity of your team, especially by blocking domains that are not necessary during working hours.
In addition to increasing security, Lumiun Box will be a valuable ally in your company's growth strategy, preventing employees from accessing dangerous or dispensable pages during their working hours. This tool has a business VPN to gather all employees in a single network, using the internet more safely and efficiently.
Adopting security tools is critical to keeping your business protected and avoiding the damage caused by cyber attacks. The advancement of technology has allowed the creation of increasingly efficient resources and tools, even with artificial intelligence. The more prepared you are, the safer your business will be.
