DIGITAL LIFE
It's a tough topic, but when everything – from business to public services, including financial services and even entertainment – depends on data storage and cross-referencing, cybersecurity is a problem for the entire society.
Ransomware attacks – such as the one suffered by JBS, in which company data is “kidnapped” and a ransom is demanded – cost companies US$20 billion in 2021, a figure that is expected to reach a shocking US$265 billion by 2031 worldwide, according to projections by the consulting firm Ernest & Young. This amount would be enough to organize 30 Olympics in Paris.
“Every large company suffers hundreds, thousands of attempted attacks per day,” says Demetrio Carrión, EY cybersecurity consultant for Brazil and Latin America. Carrión explains that companies are also often told to keep quiet by their lawyers, so it is difficult to even measure the size of the problem, whether in terms of the volume of attacks or the losses involved. In other words, what reaches the public through the media is just the tip of the iceberg.
The expert points out that Brazil does not even have specific legislation from the Securities and Exchange Commission (CVM) regarding how publicly traded companies should inform the market about attacks and losses resulting from them.
For Carrion, the lack of specific legislation on the issue or clear guidance from the CVM is a huge incentive for companies to sweep attacks and losses caused by hackers under the rug.
The US Securities and Exchange Commission (SEC) forces companies listed there to report incidents suffered. In its official channels, the “police” of the American financial market compares cyberattacks to fires that can occur in a factory – both with the potential to drain cash and affect production capacity. Therefore, investors need to be aware.
Brazilian companies whose shares are traded on US stock exchanges are required to follow SEC rules.
Even so, the US legislation is recent – it dates back to 2023 – and still raises doubts for companies that trade their shares in the United States, Carrion ponders.
Amid so many weaknesses, the hacker attack business is thriving. A study by EY shows that the number of known hacks grew 75% globally between 2019 and 2023.
Who watches the watchmen?...Last year, the world discovered another major problem related to cybersecurity: what to do when software that should work to prevent attacks ends up causing a bug on a planetary scale and paralyzing part of the global economy? This was the case of the cyber outage caused by an update to Falcon, the main product of CrowdStrike, an American cybersecurity company. The incident interrupted CrowdStrike's upward trajectory. The company had just reached US$90 billion in market value – practically the same as Petrobras –, which took it to the S&P 500 index. It was the fastest cybersecurity company to achieve this feat – just five years after listing its shares on the Nasdaq.
CrowdStrike is a star in its field, but this is a competitive sector. There are established players, such as Palo Alto Networks (US$102 billion in market value(2024) and smaller ones, such as SentinelOne (US$7 billion).
Microsoft is also a major competitor and Google almost joined the competition. It only didn't happen because the Israeli startup Wiz rejected the US$23 billion offer from the American company, which would have been the largest acquisition in Google's history. Wiz believes its best option is to remain independent and go public soon.
The cyber outage caused by CrowdStrike is costing the company dearly. Shares fell from $343 to $228, a 33% drop. And the near future doesn't look so promising: Delta Airlines estimates it lost up to $500 million due to the blackout and has decided to sue the cybersecurity company, paving the way for other companies affected by the outage. And there are thousands of them, all over the world.
If the figures help to measure the enormity of this market, the images of airports, hospitals, TV stations and restaurants closed due to the bug were very educational in showing the general public how the world depends on the cyber infrastructure provided by companies like CrowdStrike and Palo Alto.
mundophone
No comments:
Post a Comment