Cybersecurity in a Pandemic world

Hackers are using ransomware to digitally hold hospitals and medical services hostage, preventing them from accessing vital files and systems until a ransom is paid. The alert issued by INTERPOL (International Police Intelligence) in early 2020, to its 194 member countries, indicates the period of vulnerability and risk that the world faces during the coronavirus pandemic (COVID-19). The spheres most likely to suffer cyber-attacks are multinationals, technology companies, and the financial system. During the pandemic, however, attempts at ransomware attacks against hospital infrastructure and organizations have been exponential. Only in Brazil, in the first quarter of 2020, attempts at ransomware scam exceeded the 350% mark.

A study by the American University Maryland revealed that hackers attack every 39 seconds, an average of 2,244 times a day. The first cyber attacks appeared in the 1980s in the United States, causing millionaire damage to institutions, universities, military bases, and laboratories, such as the Lawrence Berkeley National Laboratory (1986), Griffiss Air Force Base (1994) and the Air Force in San Antonio (1998).

In December 1998, the United States Department of Defense created the Joint Computer Network Defense Task Force to protect the department’s networks and systems from future attackers. With the increasing level of cyber attacks, originated by hackers and criminal organizations, several countries have been concerned with prioritizing national security and defense rules, policies, through the use of cybersecurity, in order to protect government strategies, confidential information, such as commercial, banking and financial data, in addition to safeguarding personal data of its citizens. Thus, in 2001, the Budapest Convention or Convention on Cybercrime was created, an international criminal law treaty, with the objective of defining accordingly on cyber crimes and protection policies.

According to the ITU (International Communications Union – UN), cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, insurance, and technologies that can be used. used to protect the cyber environment, organization, and user properties.

For the past fifty years, the internet has provided the world with an unlimited environment of possibilities and information. A tool until then, directly connected to the academic and professional world, has become accessible and handled in countless spheres. This progress enabled a new professional, political, economic, and cultural dynamic. The social demand and the growing connection of man to the internet have become essential to the elaboration of public policies, norms, and instruments that guarantee greater protection of data of civilians, companies, and governments.

According to ANBIMA (Brazilian Association of Entities in the Financial and Capital Markets), technology brings countless benefits to society, simplifying procedures and services effectively, through flexibility, speed, and expansion of the means of communication. However, the continued use of new tools amplifies the risks of cyber attacks and the efficiency of its three pillars: confidentiality, integrity, and availability.

Cybersecurity is designed as a protection mechanism against the enemy. It can be called individuals, groups, or organizations, formed with the intention of violating, exposing, and manipulating data, information, strategies, or technologies of third parties, aiming at financial gains, influence, sabotage, or competitive advantages.

In their article Cybersecurity and cyberwar: what everyone needs to know, Friedman and Singer defend the relevance of confidentiality to keep information restricted and protected, which are of great value, especially in the virtual world. Security rules and measures are necessary to ensure the privacy of the content, regardless of the recipient and its purpose. Integrity indicates whether the system is secure and is not subject to fraud and changes by third parties. This pillar is essential to ensure that there is no data breach and to ensure the transmission of truthful information.

The availability in cybersecurity matches the functionality of the system. It is necessary to detect if there was a violation of any program or criminal intervention, during the operation process. Qualified as a branch of information security, cybersecurity aims to apply various tools, methods, and technologies, with the aim of protecting systems, data, and information, from cyber attacks, which cover different levels of complexity, damage, and depth.