The creation of a National Cybersecurity Policy is a true milestone in the country's cybersecurity sector. Given the worrying increase in cyber attacks in Brazil, it was necessary to develop a specific security policy to keep companies and users away from cyber threats.
Over the years, more and more companies have been using technological resources to maintain their activities and ensuring the constant availability of their resources has become a necessity. For this reason, cybersecurity has reached a level of priority among businesses , making it necessary to implement more assertive and complete solutions to obtain a safer digital environment.
The new National Cybersecurity Policy developed by the Federal Government was published on December 26th and demonstrates how this sector is gaining visibility. After the creation of the General Data Protection Law , other needs facing the digital environment became evident, making it necessary to develop specific policies to increase the security and protection of technological resources.
Digital security in Brazil
Brazil suffers more than 100 billion cyber attacks . These attacks, in addition to causing unavailability of services and damaging the company's image, also generate an average loss that can reach US$4.45 million (22 million reais).
Some of these incidents, as was the case with the cyber attack suffered by the SUS system , demonstrated the need to develop a national cybersecurity policy and a specific agency to deal with these incidents. With this, we can take a more proactive approach when dealing with cyberattacks .
This is because, for many years, the strategy has always been to deal in a corrective way, solving problems after they happen, without adopting measures aimed at preventing and containing damage. The new National Cybersecurity Policy came as a strategy to bring more prevention and preparation, in order to avoid cyber attacks and the damage caused by them.
The advancement of digital transformation, which was already underway, received a real boost during the recent Covid-19 pandemic. Many companies needed to adopt technological tools to ensure the execution of their tasks and the continuity of their business.
Furthermore, several public services also needed to go through a digitalization process, making these essential tools always accessible in a digital environment. The result of this was an increased need for more efficient protection tools, as information leaks can be an unprecedented loss.
The National Cybersecurity Policy – what can we learn from this new decree?
As this is new legislation , there are still many doubts regarding the objectives and the need to apply the National Cybersecurity Policy. To help you, we have separated some relevant topics, see below:
What is PNCiber?
The main function of the National Cybersecurity Policy (PNCiber) is to provide guidance and support for activities related to cybersecurity in Brazil. The decree responsible for establishing PNCiber also established the National Cybersecurity Committee (CNCiber), the team responsible for proposing updates to the new policy, and its instruments (National Strategy and National Cybersecurity Plan).
Who decreed?
Published in the Official Gazette of the Union on December 27, 2023, the decree responsible for establishing the National Cybersecurity Policy was signed by the president . This decree established not only the National Cybersecurity Policy, but also the National Cybersecurity Committee, the National Strategy and the National Cybersecurity Plan.
Who will be responsible and how will the meetings take place?
The National Cybersecurity Committee will be composed of members from civil society, scientific institutions, government and organizations from the business sector . Members must meet every three months to propose updates to the National Cybersecurity Policy and define new cooperation strategies.
Through these measures, the objective is to increase the level of cybersecurity maturity in the country, bringing more awareness and resilience to cyber attacks that may occur and harm businesses and users.
This committee will also aim to promote technological development and scientific research activities related to cybersecurity . Through this, it will be possible to provide an exchange and exchange of information related to digital security strategies between the government, private sector and members of society.
Check out the statement from the director of the Department of Cybersecurity , Brigadier Luiz Fernando, about the new National Cybersecurity Policy:
What are the principles of PNCiber?
The National Cybersecurity Policy was developed to fill gaps in the information security and digital security strategy in Brazil. Following the worrying statistics regarding cyber attacks suffered annually by the country, this legislation was created to add even more knowledge and preparation to the digital security strategy.
Although technological tools have brought countless benefits to society, Brazil presents a certain lack of preparation regarding the protection strategies used. For this reason, it appears on the list of countries as one of the main targets of cyber attacks around the world.
This new policy was developed based on seven fundamental principles. Are they:
According to Art. 2, the principles of PNCiber are:
I – National sovereignty and the prioritization of national interests
It is important to consider the great negative impact that cyber attacks can have on companies and organizations. The leak of confidential information, for example, can be a true enemy of national sovereignty and even harm the country's economic and political strategy. Consider, for example, the impact that leaks of fiscal data and strategic information can have on government management.
II – The guarantee of fundamental rights, in particular freedom of expression, protection of personal data, protection of privacy and access to information
Information privacy has been an issue discussed for many years. The countless losses caused by the leakage of confidential data demonstrated the importance of developing strategies and policies aimed at protecting information, as was the case with the General Data Protection Law a few years ago.
III – The prevention of incidents and cyber attacks, in particular those aimed at national critical infrastructures and essential services provided to society
As we said earlier, some cyberattacks have been specifically targeted at government bodies . For this reason, it was necessary to establish a more assertive strategy to deal with this type of threat and avoid problems that can arise from cyber attacks.
IV – The resilience of public and private organizations to cyber incidents and attacks
Seeking to abandon a resolute policy and adopt a more proactive and predictive approach to cyber threats, this policy can add more value and preparation for companies to be able to deal with cyber threats of all types.
V – Education and technological development in cybersecurity
The more prepared the organization and its employees and users are, the easier it will be to deal with and avoid cyber threats. The National Security Policy focuses on technological development and preparation, seeking to deliver quality information and greater preparation to everyone involved. To increase security within companies and entities, it is essential to ensure greater awareness of cybersecurity among employees and users.
VI – Cooperation between bodies and entities, public and private, in matters of cyber security
Establishing a cooperation process between government bodies, private sector companies and users and prevention-oriented cybersecurity strategy
VII – International technical cooperation in the area of cybersecurity
The United States Cybersecurity and Infrastructure Security Agency (CISA) conducts ongoing research into cyber threats. Through a process of international collaboration between agencies, it is possible to establish more assertive guidelines for a more complete security strategy.
In this way, we can understand that the National Cybersecurity Policy was developed based on guaranteeing rights and preventing cyber incidents in the country. Its text brings methodologies and strategies to ensure greater preparedness in the face of digital threats that can cause enormous problems for businesses of all types.
What are the reasons why the National Cybersecurity Policy was created?
As we have seen throughout this material, the National Cybersecurity Policy was created to address and fill some gaps related to digital protection in the country. In summary, the National Cybersecurity Policy’s main objectives are:
- Invest in and provide the development of services, products and technologies aimed at the Cybersecurity strategy ;
- Guarantee the confidentiality, integrity, authenticity and availability of solutions aimed at storing information;
- Provide protection and integrity of stored data ;
- Provide safer and more conscious action for users in the digital environment, especially children, teenagers and the elderly;
- Combat and prevent cybercrime;
- Encourage the adoption of a preventive policy related to cyber protection;
- Minimize the impacts of cyber attacks given their incidence;
- Promote investment in scientific research and technological innovations aimed at security;
- Invest in cyber training and education;
- Provide more coordinated action between the government, private sector and society in general;
- Promote international collaboration in favor of cybersecurity.
National Cybersecurity Policy in Brazil: practical applications
Now that we understand how the National Cybersecurity Policy was designed and developed, it is easier to understand how it will apply in practice in Brazil. Art. 6 establishes the competencies of CNCiber (National Cybersecurity Committee):
I – Propose updates to PNCiber, the National Cybersecurity Strategy and the National Cybersecurity Plan
Updates can be developed according to the needs and new demands of the market. Considering that every day cybercriminals develop new strategies to bypass the security system, this constant update allows the National Cybersecurity Policy to keep up with today's security needs.
II – Evaluate and propose measures to increase cybersecurity in the country
In addition to the previous topic, the National Cybersecurity Committee will also be able to formulate strategies and proposals to strengthen cybersecurity in the country, according to the needs and new technological demands that may arise.
III – Formulate proposals to improve prevention, detection, analysis and response to cyber incidents
Since it is also the responsibility of the new national security access policy to ensure the development of new technologies and resources aimed at cyber protection, it is also the responsibility of the National Cybersecurity Committee to provide improvements and formulate proposals to strengthen the prevention, definition and response to cyber incidents.
IV – Propose measures for the development of cybersecurity education
In addition to promoting the development of new technologies, the National Cybersecurity Committee is also responsible for proposing new measures aimed at the culture of digital security and training and cybersecurity. In this sense, the objective is to educate users so that they are more prepared in relation to the digital threats present in this environment.
V – Promote dialogue with federal entities and society on cybersecurity issues
The committee will also be responsible for promoting a process of continuous communication between the legislative, executive and judiciary powers, and society, as a way of strengthening and adding even more value to the security strategies implemented.
VI – Propose collaboration strategies for the development of international technical cooperation in cybersecurity
As we saw previously, Brazil figures in a prominent position in relation to the countries that suffer the most cyber attacks. The country's lack of preparation regarding security strategies can be combatted with international collaboration on cybersecurity.
VII – Express a statement, at the request of the President of the Chamber of Foreign Affairs and National Defense of the Government Council, on matters related to cyber security
We know that cybersecurity issues can have a major impact on users' routines and security. For this reason, it is also the responsibility of the National Cybersecurity Committee to speak out, when requested by the president of the Chamber of Foreign Affairs and National Defense of the government council, regarding cyber threats that are causing problems or could become dangerous for users and companies.
Digital Security Measures for Your Business
Even though it is a widely discussed subject and has been the subject of debate in recent years, cybersecurity is still neglected by companies in different sectors. Ideally, solutions aimed at protecting information and help employees understand the need to adopt safer behavior in the digital environment.
An example of this is inappropriate access that occurs in the workplace. This is because many of these pages hide digital traps that can cause unthinkable problems for your company, such as information leaks and even damaging devices. In this sense, it is essential to adopt efficient technologies that help block these threats and mitigate the damage caused by cyber attacks, as is the case with Lumiun DNS and Lumiun Box .
How can a DNS solution help you?
The DNS-based solution consists of a security platform aimed at protecting internet access. Without the need for hardware, this tool is complete and practical, offering an affordable cost.
With the help of Lumiun DNS , your company will be able to apply web content filters and monitor access through artificial intelligence, allowing the addition of an extra layer of protection to your business networks. Another great advantage is that this solution offers specialized customer support with analysts located in Brazil. Its low latency infrastructure with Anycast technology allows for optimized website filtering and superior results.
Blocking access to harmful pages
Blocking access to certain content is a strategy that can help keep your company's devices and networks away from cyber attacks. Many accesses carried out during working hours can expose your business' confidential information and cause various problems , such as contamination of devices, unavailability of services and damage to the company's image in the market and consumers.
Lumiun Lumiun Box is a cloud-based security tool that uses the enterprise firewall and VPN to provide greater security and control over internet access. With the help of this tool, you can increase network security and your team's productivity mainly by blocking domains that are not needed during working hours.
In addition to increasing security, Lumiun Box will be a valuable ally in your company's growth strategy, preventing employees from accessing dangerous or unnecessary pages during their working hours. This tool features a Business VPN to bring all employees together on a single network, using the Internet with more security and efficiency.
Adopting security tools is essential to keep your company protected and avoid losses caused by cyber attacks. The advancement of technology has allowed the creation of increasingly efficient resources and tools, even relying on Artificial Intelligence. The more prepared you are, the safer your business will be.