
The Rising Tide of Data Leaks in Brazil: A Warning to Companies and Customers

Imagine you discover a loan of almost R$94,000.00 in your name, without ever having applied for it. This is what happened to Camilla Gomes, a project analyst who shared her story on LinkedIn News. After receiving a message from a supposed flower shop, she fell for a sophisticated scam. The reason: data leakage.

Camilla went through a fake facial recognition check and, unknowingly, had her photo used to authorize the opening of a line of credit.

This is just one example of how data leaks in Brazil affect the lives of many people, leaving them vulnerable to scams and fraud.

Brazil faces a growing crisis of improper disclosures of personal and business records, ranking 12th among countries with the most data leaks in 2022. Despite the implementation of the General Data Protection Law (LGPD), cases of information theft and leakage continue to increase.

In this article, we will analyze the reasons why Brazil is one of the main targets for cybercriminals and how the CipherTrust solution can help in data protection and privacy.

Data Leaks: The Roots of the Problem

Information leaks in Brazil have several causes, and to understand them, it is fundamental to analyze the country’s digitalization history and the relationship between the public and private sectors in the defense of personal information.

  • Accelerated digitization and infrastructure failures

The digitalization process in Brazil occurred quickly, but not always with the necessary infrastructure to adequately protect personal records.

The pressure to keep up with global trends and the growing demand for digital services has led to an accelerated implementation of computerized systems, often leaving crucial security aspects aside.

  • Vulnerabilities in the public sector

Most of the data leaked in Brazil comes from public agencies, where technological updating processes are slow, and the lack of investments aggravates the situation.

In addition, the implementation of transparency systems without adequate criteria contributes to the exposure of sensitive information, making it easier for cyber criminals to access this information.

  • Design Issues in the Private Sector

In the private sector, design flaws in information systems also contribute to the vulnerability of records. An example of this is the use of personal identification numbers, such as CPF and RG, as keys to access information and financial operations.

This practice increases the value of this data to criminals and amplifies the exposure of personal information, making it an easy target for scams and fraud.

  • Insufficient privacy and data security culture

The lack of a culture of privacy and information security in Brazil is another factor contributing to the vulnerability of information.

Companies and government agencies do not always have clear and effective policies to protect the details of their customers and users, resulting in a failure to protect this information.

LGPD implementation challenges and insufficient ANPD contribute to data leaks

Although the creation of the LGPD and the ANPD (National Agency for Data Protection) represents an advance in the scenario of information defense in Brazil, the effective application of these regulations still faces challenges.

The lack of human and financial resources available to the ANPD, as well as the difficulty of adapting organizations to the new legislation, limits the scope of actions to combat data leakage and fraud.

These factors combined create an enabling environment for cyber criminals, who take advantage of the weaknesses in data safeguarding in Brazil to carry out attacks for financial gain.

To face this scenario, it is essential to invest in efficient solutions, such as the CipherTrust platform, and promote a cultural change that values privacy and the defense of personal records.

CipherTrust: Enhanced data protection and privacy for enterprises

Companies in all industries face increasing challenges in ensuring data security and privacy in an increasingly complex threat landscape.

The CipherTrust Data Security Platform solution is an integrated set of solutions that unify the discovery, protection and control of records in a single, comprehensive platform, addressing the challenge of enterprises regarding information defense and privacy.

Main benefits of the CipherTrust solution in preventing data leakage

  • Simplifying Data Security

The CipherTrust platform enables organizations to discover, protect and control their most sensitive records on-premises and in the cloud in a simplified way.

With an integrated and unified approach, companies can effectively manage protection and minimize the risks of data leaks and breaches.

  • Accelerated time to compliance

The CipherTrust solution offers comprehensive information security features such as data discovery and classification, encryption, granular access controls, audit logs, tokenization, and key management.

These features help companies comply with information security and privacy requirements, making the process of compliance with regulations such as LGPD faster and more efficient.

  • Promoting Safe Migration to the Cloud

CipherTrust Data Security Platform enables enterprises to confidently migrate their workloads to cloud and on-premises environments, ensuring continuous protection and control of their data.

In addition, the solution makes it easy to repatriate records back on-premises when necessary, maintaining the integrity of the information at all times.

By adopting the CipherTrust platform, Brazilian companies can more effectively face the challenges of cybersecurity, ensuring the defense and privacy of their clients’ data.

This comprehensive, integrated solution enables organizations to minimize risk and adapt to the increasing demands of a constantly evolving digital environment while securing customer information and trust.

The urgency to combat data leaks in the current scenario

With the growing number of data leaks and the complexity of cyber threats in Brazil and worldwide, ensuring security, protection, and privacy has become an absolute priority for companies in all sectors.

Adopting robust and comprehensive solutions, such as the CipherTrust Data Security Platform, is essential to effectively address the challenges and risks inherent in today’s digital environment.

It is always worth remembering

It is vital to remember that compliance with laws such as LGPD should not be seen as merely a legal obligation, but as an opportunity for companies to improve security practices, building trust and loyalty with customers and partners.

Data protection and privacy are no longer optional issues, but strategic imperatives that directly impact the reputation, business continuity, and success of companies in the global marketplace.

The adoption of solutions such as CipherTrust Data Security Platform represents an essential investment to ensure the resilience and prosperity of organizations in an increasingly connected and digitalized world.

About Eval

EVAL has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.


The financial sector is under cyber attacks: banks, Fintechs and Pix at risk

Banks, Fintechs and other companies in the financial sector have been a major target for cyber attacks due to the abundance of confidential information contained in customer files, especially as more and more people transition to online banking and seek alternative, contactless ways to pay during the pandemic.

Now a new wave of financial solutions, such as Pix and Open Banking (https://www.bcb.gov.br/estabilidadefinanceira/openbanking), is emerging to make real-time transactions easier for customers, while further amplifying the threat landscape.

Along with growing threats, financial institutions must also meet regulatory compliance requirements, such as the General Data Protection Act (LGPD), or regulatory fines and sanctions will apply, further amplifying the risks of major losses to businesses connected to the segment.

According to a study by the Boston Consulting Group, financial services firms are 300 times more likely than other companies to be targets of cyber attacks, including phishing, ransomware and other malware attacks, and even insider threats.

Financial institutions must take a more proactive approach to cyber attacks or risk devastating data breaches

Malicious actors have different motives when executing cyber attacks, but in the case of cyber criminals, their goal is financial gain.

Financial institutions have a wealth of personal and financial information, ready for monetization if breached, including cryptocurrency wallets and the transfer of money via Pix.

As with other attack methods, cybercriminals work to compromise account credentials through phishing. All it takes is for an employee to reuse account credentials, such as passwords, and the attackers have everything they need to wreak havoc.

Ransomware is a type of malware that encrypts confidential files or locks companies out of their systems. The only way to unlock it is with a mathematical key that only the attacker knows, which you will receive after paying a ransom.

In the financial segment, ransomware is one of the most common cyber attacks. In 2017 alone, 90% of financial institutions were hit by a ransomware attack. In 2020, the world’s third largest Fintech company, Finastra, was targeted.

So why is ransomware so effective for cybercriminals? Because, most of the time, it is much faster and cheaper to pay the ransom than to suffer downtime.

Dealing with Cyber Attack Risks: Detecting and Managing Threats

In practice, banks, Fintechs, and other financial institutions can follow good security practices to ensure that their organization is protected while continuing to adhere to regulatory compliance.

Implementing continuous monitoring and threat detection capabilities is the first step in closing the glaring security gaps that many banks and financial institutions are facing.

Ransomware attacks are usually not a one-time event; they can happen several times in the same company. Regardless of whether an organization has experienced an incident or not, it is important to monitor the full range of networks and applications across the IT landscape on an ongoing basis, rather than relying on periodic assessments.

With this kind of constant visibility, companies know whether they are compromised or secure.

It is increasingly important for financial organizations to build a solid foundation by adopting security technologies and processes that enhance their ability to detect cyber attacks as early as possible.

There are a number of ways in which these technologies can help institutions protect themselves, including providing important context for anomalous behavior, flagging known indicators of compromise, and accelerating threat detection and response.

However, detection alone does not prevent cybercriminals from attacking. After suspicious activities that may indicate early stages of an attack are detected, it is important that companies have controls in place to stop future activities and an incident response plan to mitigate the attack.


Encryption and data integrity are also part of the protection strategy against cyber attacks

People use a financial application on the trust that their data is safe in its hands, which is why data breaches via ransomware are so damaging to the reputation of banks and Fintechs.

Besides establishing trust, encryption is also one of the easiest ways to comply with most government regulations. In fact, many control agencies even require it.

For example, in addition to LGPD, the Payment Card Industry Data Security Standards (PCI DSS) require companies to encrypt credit card information before storing it in their database.

Encrypting data is crucial. However, encrypting data only during storage is not enough. Unless you have no plans to move your data, encrypting it during transport is equally crucial. This is because cybercriminals can spy on the application server connections and intercept any data sent.

Backup and disaster recovery as the most efficient way to combat cyber attacks and decrease financial institutions’ downtime

Planning for potential outages can save banks, Fintechs, and other financial institutions not only valuable time, but also significant amounts of money in terms of lost revenue, credibility, and recovery services.

A recent report by Sophos, “State of Ransomware 2021”, showed that the average total cost of recovery from a ransomware attack can reach $2 million. Creating a plan before a disaster occurs also puts organizations in a better position to avoid paying ransoms due to the ability to resume operations.

A solid disaster recovery capability can limit the impact of cyber attacks to a minor disruption, rather than a company-ending event.

The CipherTrust Data Security Platform solution allows companies to protect their structure against cyber attacks

According to IDC, more than 175 zettabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To address the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers from cyber attacks. Specific technologies include:

CipherTrust Transparent Encryption

Encrypts data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious cyber attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured, confidential data that resides in databases, such as credit card numbers, social security numbers, national identification numbers, passwords, and e-mail addresses.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility: Vaultless Tokenization with dynamic policy-based data masking, and Vaulted Tokenization.

CipherTrust Batch Data Transformation

Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers bring-your-own-key (BYOK) lifecycle management for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables companies to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies data security, improves operational efficiency, and accelerates time to compliance, regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.

Tool portfolio that ensures data protection against cyber attacks

With data protection products from the CipherTrust Data Security Platform, your company can:

Strengthen security and compliance against cyber attacks

CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Act (LGPD), and other compliance requirements.

Optimize team and resource efficiency

CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduce total cost of ownership

CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, companies can prepare their investments for the future while reducing operating costs and capital expenditures.
