News

New trends in the fight against electronic crimes

From left to right: Lucimara Desiderá, security analyst at CERT.br/NIC.br; Luiz Filipe Couto, information security specialist and CEO of Jeenga; Renato Leite Monteiro, professor of digital law at Mackenzie; Thiago Tavares Nunes de Oliveira, President of SaferNet Brasil and Principal Member of CGI.br; Vanessa Fonseca, Director of Microsoft's Digital Crime Fighting Area and Edgar D'Andrea, partner at PwC Brasil and specialist in Cyber ​​Security
From left to right: Lucimara Desiderá (CERT.br/NIC.br); Luiz Filipe Couto (Jeenga); Renato Leite Monteiro (Mackenzie); Thiago Tavares Nunes de Oliveira (SaferNet Brasil); Vanessa Fonseca (Microsoft) and Edgar D'Andrea (PwC Brasil)

Subject was the theme of FecomercioSP Congress, with support from ETCO

The internet has brought many benefits to citizens, governments and businesses. But many risks too, which require more care on the part of everyone. People, for example, must be more careful when disclosing their personal data on the network; governments need to create and improve legislation and enforcement; companies have to improve security policies to protect their intellectual property and their customers' data.

These were some of the main issues discussed at the VII Congress on Electronic Crimes and Forms of Protection, promoted by the Federation of Commerce of Goods, Services and Tourism of the State of São Paulo (FecomercioSP). The event, held on August 18 and 19, at the headquarters of FecomercioSP, in São Paulo, featured lectures by some of the country's leading internet experts, authorities and representatives of internet security companies. The congress brought together 800 people and was supported by ETCO-Brazilian Institute of Ethics in Competition.

One of the most debated topics was the protection of personal data made available on the internet. Demi Getschko, president of Ponto BR's Information Center, an entity that contributes to Internet regulation in the country, and Ronaldo Lemos, director of the Rio de Janeiro Institute of Technology and Society, highlighted the importance of creating the Data Protection Law Personal. The draft, which establishes rules on what companies can and cannot do with their customers' information, is currently under public consultation. Through the Internet (at this address) it is possible to read the basic text and make suggestions that could be incorporated into the Bill.

 

The importance of joining forces

An opinion shared by several speakers is that the fight against digital crimes requires the cooperation of several institutions. As Ronaldo Lemos recalled, many illicit acts are performed by people or sites located outside the country, therefore, outside the scope of Brazilian law. "Brazil needs to sign new judicial cooperation agreements," he said.

The director of the Microsoft Digital Crime Fighting Unit in Brazil, Vanessa Pavilavicius Fonseca, also emphasized the importance of partnerships. "At Microsoft, we have been working on initiatives to improve Internet security for many years," he said. "Our main conclusion is that we don't do anything alone." According to her, the company has already entered into several partnerships in the country, with bodies such as the Federal Police, the Public Ministry and the Brazilian Federation of Banks (Febraban).

Another topic discussed at the Congress was the risks that companies run from having their systems invaded. Several speakers discussed good practices to prevent the theft of valuable data. Craig Moss, Chief Operating Officer of the Center for Responsible Commerce and Entrepreneurship (CREATe.org), drew attention to the common mistake of thinking that the solution basically depends on data protection systems and other IT tools. "You can't solve the problem with technology alone," warned Moss, who attended the event by conference call from the United States. The best approach, he said, involves also creating safer work processes and training people. CREATe.org is a partner of ETCO in the dissemination of good information security practices in Brazil.

 

Mission of the event

The FecomercioSP congress is the largest event on electronic crimes in Brazil. "Today, the big problem is that you have a colossal advance in technology, but you do not have proportionally the perception of society about the risks of this advance", said Renato Opice Blum, president of the Board of IT Compliance and Digital Education of FecomercioSP. “The mission of the event is to close this gap, promote awareness of the dangers, discuss solutions and share with the public the new trends in the digital world.”

In his assessment, the large companies operating in the country, especially the multinationals, are reasonably protected from electronic crimes. “The biggest problem is with small businesses, which lack the knowledge and culture to face these new challenges.” Opice Blum believes that the fight against digital crimes depends on more effective action by the government. There is an important delay in the adoption of specific public policies, especially in relation to digital education ”, he said. “Regarding the legislature, unfortunately, there is a lack of people specialized in the subject. We should have groups focused on technology, with a greater degree of dedication, more focused and producing results in less time. There is no point in discussing 4, 5, 7 years a law that is obsolete in 1 or 2 years ”.

Opice Blum also highlighted the importance of the partners who helped make the VII Electronic Crimes Congress feasible. "Today, nothing is done without good partners who have the same focus and the same concerns," he said, emphasizing ETCO's support. "The Institute has an important participation in the construction of ethics, legislation and behavior, so it was very important for the congress to count on this partnership".

Internet companies say: complaints are fundamental to curb digital crimes

Deputies ask companies to act more proactively, but directors claim they follow rules of the Marco Civil da Internet, approved by Congress

Directors of internet companies were unanimous in highlighting the importance of user complaints to curb different digital crimes, in a public hearing this Thursday (27) of the Parliamentary Commission of Inquiry (CPI) of Cyber ​​Crimes. CPI listened to the director of Public Policies at Google Brasil Internet, Marcel Leonardi, the director of Government Relations at Facebook in Brazil, Bruno Magrani, the director of Government Relations at Twitter Brazil, Felipe Magrim; and the Legal Director of Yahoo! Brazil, Diego Gualda.

The directors affirmed that they remove from their pages, without the need for a court order, the contents referring to sexual violence against children and adolescents, hate speech (for example, involving prejudice of race and gender), and images and videos of nudity and sexual acts disseminated without the consent of those involved (“revenge porn”). However, the complaints of those involved are fundamental. The four companies provide tools for reporting, which are analyzed by their teams.

Luis Macedo / Chamber of Deputies
Public Hearing. Director of Public Policy at Google Brasil Internet, Marcel Leonardi

Marcel Leonardi, from Google, explains that crimes against honor are subjective, hence the need for analysis by the Judiciary.

In the case of content considered offensive against honor, such as insult and defamation, a court order is required for the withdrawal, as established by the Marco Civil da Internet (Law 12.965 / 14). According to the Google director, crimes against honor, in general, are subjective, hence the need for analysis by the Judiciary. According to the civil framework, the delivery to authorities of user data suspected of committing crimes can also only be made by court order.

The directors stated that the law, passed last year, brought more legal certainty and clarity of rules for companies and users. "The effect is positive, including on network crime," said the Yahoo director. However, they did not have consolidated data with the difference in the number of crimes before and after the approval of the civil framework, requested by some members of the CPI.

Sexual violence against children
In the case of reports of sexual violence against children, the directors informed that they are sent to the American agency NCMec (National Center for Missing and Exploited Children), which catalogs and encrypts all images, preventing them from being released again. "These technologies were developed to detect cases of child sexual abuse automatically (by algorithm)," said Marcel Leonardi.

Deputy Sandro Alex (PPS-PR), a CPI subrelator, believes, however, that the use of encrypted images has not been sufficient. According to him, video of rape of minors in Paraná was available on YouTube for five days. Deputy Rafael Motta (Pros-RN), also a subrelator, said that a quick search for Google shows videos of children with sexual content, with degrading comments.

According to the director of Google, automatic filters are flawed, and a prior analysis of all content posted on the network is not possible. “YouTube receives 300 hours of material per minute. It is an overwhelming volume. There must be a complaint so that we can act ”, stressed Marcel. “No technological tool is going to be fully effective; we depend on complaints ”, added Facebook director Bruno Magrani. The directors stressed the importance of educating children and adolescents to use the internet and reported that the platforms provide material explaining the safest way to behave on the network.

Defamations

Archive / Gabriela Korossy
Pastor Marco Feliciano

Feliciano says he only managed to remove offensive content from Facebook after he had direct contact with a company executive

Deputy Silas Freire (PR-PI) criticized the fact that companies do not act preventively against crimes on the internet, but only when provoked. For him, there is a delay in removing the reported content. Deputy Pastor Marco Feliciano (PSC-SP) said that he is filing hundreds of lawsuits against social networks and stressed the difficulty of people to protect their image and honor on the internet. The congressman reports that he never managed to remove defamations against him from Facebook until he had direct contact with one of the company's directors in Brazil.

Deputy João Arruda (PMDB-PR), who requested the hearing, agrees with the current rules. “It was very important to bring to justice some issues, such as the trial of crimes of slander. Otherwise, Facebook would have to hire judges, ”he said.

Reportage - Lara Haje
Edition - Patricia Roedel

 

Source: Home .

Data theft that happens inside companies

By Heloísa Ribeiro * and Pamela Passman **

digital theft

New information technologies have brought several benefits to companies, such as the ability to easily generate, share and transport data. This has been one of the drivers of productivity gains in several segments. There is, however, a downside to this story. Increasingly, companies are subject to huge losses from theft or voluntary destruction of valuable confidential data.

Cybercrimes, as they are called, have not received due attention in most organizations. Many still believe that the main threat lies outside the company. Bandits hi-tech would be primarily responsible for breaking into systems and stealing data from companies. In fact, this type of crime exists and usually gains great repercussion in the media. A recent case involved Sony Pictures of the United States, invaded by hackers in what would be a reprisal against the film The Interview, which caricatures the president of North Korea. They stole and posted contracts with celebrities, business plans and other documents on the Internet and destroyed numerous data files, causing great financial and image damage to the company.

But these high-profile crimes represent only part of the problem. Most of the time, theft occurs within the company itself or through business partners. As many companies do not even realize that they were robbed and others, upon discovering the crime, avoid disclosing the case so as not to expose their weaknesses, the problem does not appear to the extent it should.

To help Brazilian companies deal with this threat, the ETCO-Brazilian Institute of Competitive Ethics and the Center for Responsible Entrepreneurship and Commerce (CREATe.org) signed a partnership to address the issue. One of the main objectives is to increase the level of knowledge of Brazilian companies about the origins of the problem.

 

MAIN FAULTS

One of the most common causes is related to permissions to access information. Many companies do not take appropriate steps to limit the type of data that each employee can view or copy. A recent study carried out in the United States by the Ponemon institute, which specializes in the subject, showed that 71% of employees of American companies believe they have access to data that they should not, such as customer records, contracts and files with intellectual property.

Professional mobility is another component of the problem. In today's globalized economy, professionals from various segments have many opportunities to change jobs or even countries. It has been increasingly common for stories of employees who leave the company carrying hundreds of computer files with the intention of providing them to competitors.

A recent story took place in South Korea, where a senior automotive engineer at Daewoo Motors was convicted of handing over sensitive documents to a competitor in China. The documents contained details of safety and performance tests on technologies developed by the South Korean company.

Often, the problem occurs due to a lack of awareness about the value and confidentiality of information. The survey by the Ponemon institute showed, for example, that 76% of professionals have no problem downloading confidential company documents on their personal computers and cell phones or storing them in the cloud, attitudes that open the company's doors to data theft.

Another common way of leaking this information happens when employees, suppliers or customers install programs on the company's computers. Often, without knowing it, they end up using pirated software containing malicious code that invades the company's systems in search of valuable information.

 

LACK OF TRAINING

Few companies adequately convey their expectations regarding the confidentiality and security of information to employees and partners. Fewer still take care to monitor whether the appropriate procedures are being adopted. It is not surprising, therefore, that many employees fail to take the necessary precautions to protect the company's intellectual property or prevent cyber attacks.

Clearly, the threat from insiders cannot be remedied through old protection systems. It requires a multi-faceted solution, a proactive approach involving IT, but also security procedures, drafting terms of conduct, training and supervision. These measures need to be based on a careful analysis of where the company's most valuable information is, be it consumer data, trade secrets or other forms of intellectual property.

The system to protect the company from internal risks must be balanced by the need to facilitate the work of the vast majority of employees and partners who act correctly. The globalized and digital world provides unprecedented opportunities. But taking advantage of them requires taking the necessary steps to minimize the risks. Adopting a systematic approach - with specific strategies to avoid losses to internal personnel and plans to protect against external invaders - is the best and most effective way for companies to compete in an increasingly unstable and challenging business environment.

 

 

* Heloisa Ribeiro she is the executive director of ETCO-Brazilian Institute of Ethics in Competition.

** Pamela Passman he is president of the Center for Responsible Entrepreneurship and Trade (CREATe.org).

ETCO supports congress on electronic crimes

There is still time to register for the VII Fecomercio Congress on Electronic Crimes, to be held on August 18th and 19th, in São Paulo. The event, supported by ETCO, will bring together experts from various fields to discuss issues such as the regulation of the Marco Civil da Internet, fraud in payment methods, the right to be forgotten, the risks of using corporate storage tools, cyber crimes and security public.

The 7th edition of the FecomercioSP survey on user behavior on the internet will also be presented at the event.

Date: 18/19/08

Time: from 9h to 19h

Location: Rua Doutor Plínio Barreto, 285 - Bela Vista, São Paulo - FecomercioSP

Free registration here