Platform websites e-commerce American and Submarine have been offline since the early hours of Saturday, the 19th, after an “unauthorized access” was identified, according to an official note from the companies sent to the Estadão. The virtual stores are part of the Americanas S/A group, which suffered a sharp blow to its shares after three days of crisis: it closed this Monday, 21, down 6.6% at R$31.49.

Even on the third day of the problem, Americanas continues without giving details about the event. So far, for example, the company has not admitted that any hacking attacks have taken place. On Saturday, a group called lapse assumed responsibility for attacks on Americanas sales portals, which left the sites offline for a period of the day. On Sunday, the 20th, the company decided to proactively take its websites offline. The company’s physical operations are operating.

“Americanas promptly activated its response protocols as soon as it identified unauthorized access. The company works with technical and specialist resources to assess the extent of the event and safely normalize the e-commerce environment as quickly as possible”, says the company’s text sent to the Estadão.

The issue of security of digital operations has been gaining more and more space within Brazilian companies. Last year, hacker attacks affected the computer giant’s systems. retail Renner and also from Fleury, laboratory tests. Second survey released in January 2022Brazilian companies are increasing investments in this area.

For professor Osmany Arruda, ESPM professor and information security specialist, this delay may occur because the company is still collecting evidence of this “unauthorized access” and is putting other types of precautions in place to prevent possible new attacks. “It only makes sense for the company to speak up when it is sure of what it is facing”, says Arruda.

On the morning of this Monday, the 21st, users complained through social networks that the services offered by the platforms, such as tracking deliveries, were not available.

Impact

This is a serious blow for the company, which has most of its revenue from digital channels. In the third quarter of 2021, the latest data released by the company, gross sales through Americanas’ electronic channels represented 60.8% of the business.

Not by chance, several analysts and institutions are starting to make calculations and forecasts about what this attack will represent for Americanas. According to the XP Investimentosdespite the importance of the digital channel for the company, the hacker attack on Americanas is “marginally negative”.

“It is important to monitor to see how long it will take to normalize operations and thus better understand the potential impact on the company’s results”, point out analysts Danniela Eiger, Gustavo Senday and Thiago Suedt in a comment.

The American bank citi believes that it will be inevitable that the attack does not leave a considerable impact on the company’s sales. “The company is evaluating the ‘extent of the event’, but has not yet shared more details about the impact or its expectations of when online operations should resume”, point out analysts João Pedro Soares, Felipe Reboredo, Sergio Matsumoto and Cristian Ashwell of city

Other companies

Americanas is not the first and will hardly be the last company to suffer from this type of attack. In August of last year, Lojas Renner’s website and app were offline for three days. the tour operator CVC suffered even more from this type of problem and in early October saw its operation stop completely for 15 days because of hackers. The laboratory testing company Fleury was also a victim of this type of attack.

No wonder, cybersecurity has been one of the biggest recent concerns of entrepreneurs in Brazil and the world. According to the study Allianz Risk Barometer64% of Brazilian executives believe that cyber risks are the biggest threat to business in 2022. The second place went to natural catastrophes with 30%.

According to Alvaro Massad, coordinator of the cybersecurity course at Fundação Getulio Vargas (FGV), this type of problem will never have a solution, as criminals always innovate to create new scams. But, according to him, the role of companies is to update themselves even faster so that these attacks are mitigated as quickly as possible. “Companies aim for profit, but they need to understand that this type of investment avoids big problems. And protecting yourself well costs money,” says Massad.

‘Good Hackers’

According to José Damico, founding partner of SciCrop, a data company specialized in agribusiness with experience in the field of data security, companies should bring the hacker world closer to their operations, in order to test their own security. Promoting programming marathons in which hackers gather to explore open data, unravel code and logical systems, and reward those who discover security flaws are some ways to better prepare for these events.

In addition, many companies in the industry concentrate their operations on a single cloud, instead of diversifying their storage. For him, this diversification makes the management and payment systems of the company difficult, but brings more security to the data.