The increase and complexity of cyber-attacks creates novel approach to tackling crime

The hacker attack that took down the websites of Americanas, Submarino, and Shoptime for more than three days this week brought up, once again, questions about the level of security of the companies’ and public bodies’ systems and at what extent they are prepared to act when this happens.

Americanas SA, the proprietor of the sites, joined the list of victims of cyber-attacks, which last year affected Renner, CVC, JBS, Grupo Fleury, and the Ministry of Health, among others. From data hijacking and personal information leaks to cryptocurrency thefts, virtually no industry had these crimes unscathed in 2021. Worldwide, the number of hacker attacks increased 40% over the previous year, according to Check Point Research data.

One of the aspects that drew the most attention to the attack that took place this week was the lack of information or clarification by the company. Submarino and Shoptime websites had only one error, and only after two days they started to display the same message shown on the page, informing that the system was suspended for security reasons. What raised the possibility that the attack was so serious that it may have prevented even  airing the warning about the unavailability.

The silence has also meant that it is not yet known whether there was a failure in the protection of the systems, in the ability to detect a significant vulnerability or in the contingency plan to react to the attack. Whatever the reason, Americanas’ losses must have been at least BRL 3.4 billion in market value, according to an estimate by consulting firm Economática.

Another aspect that stands out in this case is that, historically, the   cyberattacks usually carried out in Brazil   take advantage of simple failures, which allows some financial return. Most of the time, they exploit vulnerabilities that have already been identified but not yet resolved. This may indicate that, in addition to the increased number of cyber attacks, they are also becoming more complex.

270 cyber-attacks per company

The research   State of Cybersecurity Report 2021 , by consultancy Accenture (also a victim of data theft last year), carried out with 4,700 companies in 18 countries, revealed that each company recorded an average of 270 cyber attacks – unauthorized access to data, applications, services, networks or devices – in 2021, an increase of 31% compared to the previous year.

Of these, 11% were successful, that is, they affected the companies’ system. Also according to the consultancy, more than half of companies do not combat cyber attacks effectively, nor are they able to locate, reverse or minimize the impact of breaches.

The escalation of cyber-attacks and the difficulty in identifying the hackers and punishing them as they are often in other countries, and the fact that the search for traces and some of the analysis necessary to investigate a crime of this type can delay the restoration of systems are leading to an innovative approach around the subject.

The focus of authorities and experts should be more on contributing to the recovery of companies that are victims of cyberattacks instead of prioritizing the arrest of criminals and addressing security aspects from the beginning of the development of digital systems.