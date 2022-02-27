Felipe Moreno American

Hacker attacks — such as the one that hit the Americanas group over the course of the week, taking down the websites and applications of Americanas.com, Submarino and Shoptime — have been intensifying in Brazil and around the world. A survey of 4,700 companies from different countries carried out by the consultancy Accenture revealed that each one recorded, on average, 270 cyber attacks in 2021 – an increase of 31% compared to 2020. Of this total, 29 (11%) were successful, or that is, they affected the companies’ systems. In many cases, customers are also harmed, having their privacy violated. That’s why it’s important to protect yourself.

Accenture defines a cyber attack as “unauthorized access to data, applications, services, networks or devices”. This is what happened with Americanas, which even had its delivery system affected. But the rape was not an isolated case. Last year, the websites of Renner and the Fleury laboratory were also targeted by criminals. Given this, experts say that consumers with accounts and data hosted on shopping platforms and apps or other services should strengthen security measures to minimize damage from access and misuse of their information.

Fabio Assolini, senior security analyst at Kaspersky, suggests that people don’t repeat passwords to prevent hackers from accessing other platforms with their data:

“The ideal thing is that the user has a password on each of the platforms on which he has an account. But people think that this way they will have to memorize many of them. So, we suggest using a password manager. The role of this type of site is to create a large, random password and, in some cases, memorize it. If the person uses the same password everywhere, the ideal, after a platform reports an attack or a leak, is to change the password and switch to a new one. exclusive and not repeated.”

University student Paula Novaes, 26, had six credit cards cloned in the last year alone, some of them after major platforms reported cyberattacks.

“Last time, in December, six purchases were made. One of them took place in a virtual appliance store, worth R$ 600. I have avoided buying online out of fear. My bank’s application has a function to leave (the card) blocked. When I want to use it, I unblock it. Then I block it again”, he says.

Interview: ‘There is a lack of security mechanisms’, says Luiza Leite, digital security specialist and CEO of Dados Legalais

After an attack of this proportion, what should be done by the registered user to increase their security?

In the case of information security incidents, as a precaution, it is important that the credentials used on the systems of the company where the incident occurred and that they are the same used on other sites to be changed to prevent unauthorized access. It is important to use strong passwords, mixing numbers, letters and special characters.

What to do about the credit card details saved in the account?

When the extent of the damage is not yet known, it is important to inform the payment institutions that were saved on the platforms about the possible exposure of their data and even request the temporary blocking of the saved cards, until the extent of the damage is clarified.

In these cases where the site went offline, does the company have to reinforce customer service by phone?

According to the LGPD (General Data Protection Law), the company must contact and inform all customers who had their data subject to any improper treatment due to the incident and say the extent of the damage. In addition, the company must be prepared to receive requests for deletion, access and information about personal data, and must respond in a transparent manner and within the deadlines stipulated by law. With the systems down, it is important that face-to-face and telephone services are reinforced in order to maintain transparency and commitment to consumers.

Is the number of attacks increasing?

What is perceived is the lack of security mechanisms within the systems, which opens the door to attacks. Therefore, it is important that companies have a good information security policy and implement it effectively. It is necessary to adopt mechanisms such as backup and prevention.

Avoid registering cards

Cybersecurity experts advocate that, whenever possible, consumers use virtual credit cards on websites and apps. They mirror the physical cards, but the numbering changes with each transaction. That is, they can only be used once per purchase. Then they become invalid automatically. If the consumer still wants to use the physical card, the orientation is that at least they do not leave the information stored on the platforms.

“The guideline is always the same: change your passwords frequently, use strong combinations and not use the same password on several sites, because of constant data leaks. Today, there are thousands of passwords available on the deep web (hidden internet from the great public, where there is no regulation). So, changing your password should become a habit. A recent PSafe survey revealed that four out of five Brazilians rarely or never change passwords. The same tip goes for credit cards: whenever possible, use the virtual ones, which are easier to cancel. Also, never save the data on the websites”, warns Emilio Simoni, chief security officer at PSafe.

Carlos Eduardo Gonçalves, criminal lawyer at Lube & Gonçalves and professor of Criminal Law at Candido Mendes University, highlights the difficulty of holding criminals accountable:

“The hacker is often here, but his server is in a country that doesn’t cooperate with sharing information. That’s why prevention is so important. Holding criminals accountable is not easy.”

Companies increase their spending

According to the survey by consultancy Accenture, 82% of the 4,700 companies interviewed increased their cybersecurity expenses in the last year. The survey highlights, however, that investing more does not necessarily mean ensuring greater security. According to the analysis, it is important to define how the resource is spent and to prepare, since almost all companies will suffer a cyber attack attempt, they just don’t know when.

The survey also points out that more than half of companies (55%) do not effectively combat cyberattacks nor are they able to locate, reverse or reduce the impact of these breaches.

“Although the level of sophistication of attacks has grown a lot in recent years, the flaws that allow them to continue to grow can also be framed in a pattern”, says André Fleury, Accenture’s executive director for cybersecurity in Latin America.

The study also reveals that four in five respondents (81%) believe that “staying ahead of attackers is a constant battle, and the cost is unsustainable” — up from 69% in 2020.

“Organizations are often only focused on business results at the expense of cybersecurity investments, thus creating greater risk. And as sophisticated as attacks are getting, in many cases, simple cyber defense actions could prevent 80% of attacks that occur.” in the country”, emphasizes the executive director of Accenture.

What companies say

Attendance

Americanas.com — responsible for the websites Americanas, Submarino, Shoptime and Soub! — clarified that the service channels were normalized, after being offline. The platform says it has expanded its customer service policy.

Extension of deadlines

The company says it has extended online and voice service hours and extended exchange, order regret and technical assistance deadlines. All conditions are valid both for orders sold and delivered through the websites, and for those of partners connected to the e-commerce platform.

no confirmation

Customers who have not received order confirmation and who do not contact the service channels will also be contacted directly by the company. Americanas is answering all questions through the My Account channels on the websites and applications, and on the telephone numbers 4003-4848 (Americanas), 4003-9898 (Shoptime), 4003-5544 (Submarino), from 8 am to 8 pm, from Monday to Saturday and Sunday from 8 am to 2 pm.

Others

When contacted, Renner stores and Fleury laboratory did not respond.