How much does a security breach actually cost?

It is no longer news that companies need to protect their information more and more. We live in a highly digital world, and threats have proliferated at great speed. Companies now need to use data security solutions effectively, otherwise they will see their confidential information exposed. A security breach can be dramatic for a business, and can even bring it to an end. In today’s article, we look at how much a security breach actually costs.

Notification costs

These are the costs of notifying customers and other stakeholders, as well as the authorities that by law must be informed of security breaches. They include both monetary and human resource costs, since staff need to set a strategy and spend time sending notifications.

Productivity losses

Businesses suffering from a security breach face serious productivity problems, especially if they are not equipped with a disaster recovery strategy. When companies have their data exposed and threatened, they need to focus on activities that are outside the normal work routine, which will obviously have detrimental consequences on productive outcomes. For example, at the retail level, a manager will have to focus on retrieving data from his client portfolio instead of looking for new business.

Rebuild the image of the company

After a company has experienced a security breach, it is necessary to rebuild the entire brand image and ensure that the target audiences with whom it works continue to rely on its work. This is one of the higher costs, because it is necessary to invest in a good communication plan that can recover the value of the brand and bring back the trust of the customers.

Infrastructure costs

When there is a security breach, IT managers need to plan an investment in recovering the IT infrastructure and hardware and software affected by the security breach. At this stage, it is necessary to consider the possible costs of an audit required by business partners and investors to ensure that there are no risks associated with working with the company.

Repetition of work

When there are security holes, IT teams are very likely to be forced to do the same tasks over and over to recover data that has been lost. It is essential that the company has well-defined processes for managing and processing confidential data to minimize damage caused by security problems. The constant repetition of tasks can lead to the demotivation of employees and the consequent increase of the turnover rate in the company, which will translate into recruitment costs.

Threats to data security are getting bigger and more sophisticated, making it harder to ensure data security in the business. Protecting the information your company generates on a daily basis is essential for business success, and now that the new general data protection regulation has come into force, it is even more important to work towards securing the company and its stakeholders.

New Data Protection Regulation: Everything you need to know

For the European Commission, the protection of personal data is a key element of the Digital Single Market. This context has driven the creation of the new General Data Protection Regulation (GDPR) for the European Union, which repeals the current legislation on personal data protection, published in 1995, when Internet access was not yet widespread. The new Data Protection Regulation enters into force in May 2018, and there is still a lack of knowledge about how it works and what it implies. In this article, we cover everything you need to know to meet the new data protection regulation in accordance with the law!

The most significant and impacting changes in this new regulation are:

Right to forget

Citizens will be able to require companies to delete their personal data. The new regulation allows the personal data of each citizen to be destroyed at his request.

Data portability

Citizens can require companies to provide their personal data in a format that allows it to be sent to another company, facilitating migration and making it easier to switch to another TV service provider, for example.

Right of opposition to profiling

Companies’ computer systems should be able to record who has refused automated processing of their data, as is usually done in behavioral analysis and the creation of consumption profiles.

Records and proof of consent

In the online relationship with customers, company systems should present privacy policies in clear and objective language. Users’ consent to the processing of their data should be recorded in a form that can be presented if necessary.

Privacy by ‘default’ and design

You should ensure the protection of data from the design stage of computer applications onwards, through measures such as minimizing the processing of personal data, data masking and encryption, among others.

Obligation to notify

Companies and organizations have the responsibility to notify the National Supervisory Authority of data breaches that put individuals at risk, and to communicate all high-risk breaches to the citizens concerned as quickly as possible.

How do I know if the new law applies to my business?

The new data protection law applies to any organization doing business in the European Union regardless of whether personal data processing occurs in the European Union or not, and regardless of whether it is personal data about EU residents or only visitors.

What happens if I don’t comply with the new data protection regulation?

The punitive regime of the new law is very demanding. For less serious violations, fines could reach 10 million euros or 2% of global business volume. In the most serious cases, fines may reach 20 million euros or 4% of total turnover.


Get to know the vectors that are transforming security software according to GARTNER

The security software market is undergoing a dramatic transformation, and according to Gartner there are 4 reasons: the use of advanced analytics, the adoption of SaaS (software as a service), expanded ecosystems and new data protection laws. Due to this new reality, companies are redesigning their security systems.

“The overall security market is undergoing a period of disruption due to the rapid transition to cloud-based digital business and technology models that are changing how risk and security functions deliver value in an organization,” said Deborah Kish, principal research analyst at Gartner.

Let’s take a look at the 4 vectors that are changing the security software industry:

By 2020, Advanced Security Analytics will be embedded in at least 75% of security products

Companies are increasingly looking for products that incorporate predictive and prescriptive analytical technologies, that is, that are “smarter” and alert users to possible security incidents. These more advanced analytical capabilities are driven by a variety of underlying technologies, such as heuristics, artificial intelligence/machine learning, and other techniques.

The acquisition and integration of products and technologies will be a critical strategy to increase market share and enter new markets

Given the preponderance of startups and small vendors seeking innovative approaches to security issues, acquisition, integration and consolidation are highly effective strategies to increase market share and enter unknown markets. In many cases, mature suppliers looking for continued growth are acquiring faster-growing companies from emerging markets. In other cases, suppliers optimize profits by consolidating similar products under a single brand, thereby leveraging economies of scale by combining key functions such as development, support, sales, and marketing.

Demand for end-user flexibility will increase adoption of SaaS

A recent Gartner survey of end-user security spending indicates that there is a preference for products in a SaaS format. SaaS for security and risk management becomes critical as customers move to digital business practices. However, vendors should consider the financial implications of maintaining support for security products rather than investing in a managed product.

The new data protection law creates an opportunity for the security industry

The General Data Protection Regulation (GDPR) will come into force on May 25, 2018 and there will be substantial fines for companies that do not comply with the regulation. Companies will be more willing to invest in security solutions because the investment will be necessary so that they don’t have to pay high fines.

The business world is really changing and businesses need to adapt. Real-time analysis and the need to protect the organization’s data are increasingly evident.

Is your business data secure?

Find out if your business data is safe

About 30% of people who use a computer don’t make backups. Many of these people fail to back up not only their personal information but also business information. A good technological infrastructure is as important today as the solid foundations that physically support the organization. Nowadays, information is one of the most important assets of a company, and it’s imperative to invest in its security to survive and win in a competitive business world.

Companies today face major security threats because of mobility, big data, and the Internet of Things. Antivirus alone can no longer guarantee the protection of systems and access; it’s only the first layer of a protection that must be comprehensive and cut across the entire organization.

Threat of mobility

Mobility allows you to access company information from anywhere and from any device. The management of this risk must be considered by the company’s managers. To do this, they must ensure good management of threats and incidents through protocols that monitor all system failures. They must also prevent the loss of information in all areas, whether through access, system failures or accidental data deletion by the employees themselves. Finally, they must implement compliance policies and rules that ensure the proper functioning of security mechanisms.

Alliance between productivity and security

A good security plan ensures that accesses from the most varied devices are safe, regardless of the platform used. Thus, companies guarantee the productivity of their resources, through the protection of sensitive data. Nowadays it’s possible to share machines with different users without giving passwords. Biometric technology ensures fast and secure authentication.

Define multiple layers of protection

The dangers to information security are increasingly diverse and come in many forms. Companies must rely on several layers of protection that work together to form an impenetrable protective shield. Solutions like antivirus, firewall, data encryption, security of mobile equipment and anti-ransomware solutions are mandatory in any company.

Be proactive

Repair is not a valid choice when it comes to information security. However, there are still companies that don’t have an active security plan and only attempt to fix things after an incident has occurred. A company nowadays cannot run the risk of seeing all its data exposed or made illegible, and being aware of the importance of activating security plans is the first step to protecting its information.

Disaster Plan activation

Disaster Recovery is a plan that ensures that a disaster doesn’t affect the company’s operations and guarantees the desired level of performance. It also has a reactive side, because in emergency situations it carries out actions that were planned in advance. Companies dealing with large volumes of data should always opt for such a plan, because it guarantees the protection and recovery of data even in more extreme situations.

The security strategy must be seen as mandatory in today’s companies, so that there is no possibility of getting lost in digital transformation. Security must be a commitment assumed by all elements of an organization and top management must promote a comprehensive strategy for implementing a strong and secure organizational culture.