Month: December 2021

Throughout 2021, individuals, businesses and governments have all been concerned about combating cyber attacks.

Keeping our data safe in a world where everything is on the Internet, from travel diaries to credit card information, data protection has become one of the most pressing challenges of cybersecurity.

Ransomware, phishing attacks, malware attacks, and other cybersecurity threats are some examples. No wonder that one of the fastest growing areas in IT is combating cyber attacks.

The need for data protection is increasingly recognized by organizations.

Companies, in particular, are paying more attention, as data breaches cause great damage every year and expose large amounts of personal information.

The fight against cyber attacks is increasing as society is increasingly connected

Although many of the attacks that occurred in 2021 were caused by the increased use of the Internet as a result of the pandemic of coronaviruses and blockades, the threat to businesses remains significant.

With the cost of combating global cyberattacks estimated to reach $10.5 trillion by 2025, according to
Cybersecurity Ventures
a specialist cybercrime magazine, the threats posed by cybercriminals will only increase as organizations become more reliant on the internet and technology.

Ransomware cases increased in 2021 by about 62% from 2019, and it is considered the top threat this year. In fact, cyber threats are becoming more sophisticated during these times and are much more difficult to detect.

The nature of all attacks are much more dangerous than a simple theft. So let’s dig a little deeper into this discussion by showing the top cyber attack cases occurring in 2021.

The Colonial Pipeline

If we are going to talk about cyber attacks occurring in 2021, then Colonial Pipeline should be on the list.

Considered the largest fuel pipeline in the United States, it experienced a cyber attack in May 2021, disrupting fuel distribution in 12 states for a few days. The company had to pay $4.5 million as ransom to resolve the situation.

Florida’s supply system

A cybercriminal tried to poison the water supply in Florida and managed to increase the amount of sodium hydroxide to a potentially dangerous level.

The cyber attacks occurred by hacking into the IT systems of the Oldsmar city water treatment plant, briefly increasing the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. This scenario is an example of how an invasion of critical infrastructure at any level puts residents’ lives at risk.

Microsoft Exchange

A massive cyber attack has affected millions of Microsoft customers worldwide, in which cybercriminals actively exploited four Zero Day vulnerabilities in Microsoft’s Exchange Server solution.

At least nine government agencies, as well as more than 60,000 private companies in the United States alone, are believed to have been affected by the attack.

Aircraft Manufacturer Bombardier

A popular Canadian aircraft manufacturer, Bombardier, suffered a data breach in February 2021. The breach resulted in the compromise of confidential data of suppliers, customers, and about 130 employees located in Costa Rica.

The investigation revealed that an unauthorized party gained access to the data by exploiting a vulnerability in a third-party file transfer application.

Acer Computers

World-renowned computer giant Acer suffered a ransomware attack, being asked to pay a ransom of $50 million, which made the record for the largest ransom known to date.

A cybercriminal group called Revil is believed to be responsible for the attack. The digital criminals also announced the breach on their website and leaked some images of the stolen data.

In Brazil it was no different in terms of the intensity of attacks and cybercrime

In a survey conducted by digital security company Avast, cybercriminals continue to take advantage of the Covide-19 pandemic by exploiting people’s habits created during the lockdown period to spread scams.

Following the global trend, ransomware attacks, cryptocurrency malware, and other scams were prevalent in Brazil.

For mobile devices, adware and fleeceware are among the top threats. According to Avast, the growth of ransomware attacks in Brazil was stronger than the global average.

Combating cyber attacks is already a major concern for most Brazilian companies today, as many of these attacks occurred only in 2021, such as the one that occurred at Lojas Renner, which completely paralyzed the system.

We still had the case of the Fleury group, which was unable to perform tests for several days, and JBS, which was forced to pay US$ 11 million in ransom for the hacker attack on its operation in the United States, all these situations put the issue even more in evidence in Brazil.

Organs and companies linked to the Brazilian government have also been targeted by cybercriminals. Social Security, the Ministry of Labor, the Federal Public Ministry, Petrobras, among other organizations have also suffered attacks.

Already in 2021, the LGPD offered an opportunity for companies to rethink how they fight cybercrime.

The General Data Protection Law (LGPD) went into effect in September 2020. The overall goal of the new legislation is to establish a regulatory framework for the protection of personal data, making it easier for all Brazilian citizens to understand how their data is used and, if necessary, to file a complaint about its processing.

The goal of the LGPD can be summarized in three key points:

• Strengthening the rights of individuals;
• Train the actors involved in data processing;
• Increase the credibility of regulation through cooperation between data protection authorities.

If there is one thing that the LGPD achieved during the year 2021, it was to raise awareness about data protection and privacy issues. In practice, companies cannot sweep incidents under the rug because of the risk of revenue-based fines.

The data protection law has also given companies more visibility into the data they are collecting. The basic principle of the LGPD is that companies know what data they have and ensure that they are processing it correctly and securely.

LGPD compliant companies now have the basic elements they need to build a good information security program because if you don’t know what you have, you don’t know what to protect.

The Data Protection and Privacy Act has also changed the financial equation for organizations when it comes to privacy risk. This has encouraged companies to think holistically about risks and invest in improving privacy controls and governance.

Invest in 2022 and beyond. CipherTrust solution enables the fight against digital crime

According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypt data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.

CipherTrust Batch Data Transformation

CipherTrust’s solution designs data protection products and solutions against cyber attacks to meet a range of security and privacy requirements, including electronic identification, authentication, and trust.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables companies to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies data security against cyber attacks, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.

The CipherTrust platform offers a wide range of proven, market-leading products and solutions to ensure the fight against cyber attacks.

These products can be deployed in data centers or at cloud service providers (CSPs) or managed service providers (MSPs). In addition, you can also count on the cloud-based service managed by Thales, a leading company in the security industry.

Portfolio of tool to ensure cybercrime is tackled

With data protection products from the CipherTrust Data Security Platform, your company can:

Strengthen security and compliance

CipherTrust designs its data protection products and solutions against cyber attacks to meet a range of security and privacy requirements, including electronic identification, authentication, and trust.

In addition, these products are also compliant with the Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Act (LGPD), and other compliance requirements.

Optimizes team and resource efficiency against security incidents

CipherTrust Data Security Platform is the industry leader and provides extensive support for data security use cases.

With products designed to work together, a single thread for global support, and a proven track record of protecting against evolving threats, this platform also boasts the industry’s largest ecosystem of data security partnerships.

The CipherTrust Data Security Platform solution was developed with a focus on ease of use, with APIs for automation and responsive management.

With this solution, your teams can quickly implement, secure, and monitor the protection of your business against cyber attacks.

In addition, professional services and partners are available to assist in implementation and staff training, ensuring fast and reliable implementations.

In this way, it is possible to reduce the time required from your staff for these activities.

Reduces total cost of ownership

The CipherTrust Data Security Platform offers a broad set of data security products and solutions for protection against cyber attacks.

This portfolio can be easily scaled, expanded for new use cases, and has a proven track record of protecting both new and traditional technologies.

With the CipherTrust Data Security Platform, companies can prepare their investments to combat cyberattacks while reducing operational costs and capital expenditures.

About Eval

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.