University of São Paulo: Advancement of cybercrime in the “virtual pandemic” raises debate on data protection
The hacker attack on the Ministry of Health (MS) system raised the debate about cybercrime and how it advances in the “virtual pandemic”. In this case, it is necessary to have technologies and training to combat this type of crime, which would minimize the consequences in the health area.
Professor Marcos Simplicio, from the Computer Engineering Department of the Polytechnic School (Poli) at USP and a member of the Institute of Electrical and Electronics Engineers, in an interview with Jornal da USP in Ar 1st Edition , highlights that, in the attack on data on vaccination and infected, occurred in the Ministry of Health, the government was not adequately prepared to face the problem. “ They had already been alerted in the past of possible problems. There were invasions even before the pandemic and there was not such a good investment in security.”
Secrecy and availability of data are basic in the area of cybersecurity
The professor points out that the basics for the area of security, secrecy and availability of data did not happen in this case. Preparing for this type of scenario needs to simulate attacks like this, as well as preparing firefighters for fires. “They do simulations to prepare for an emergency, simulations that there are fires, everyone leaves. And it also has IT staff training to react to the incident. A team prepared to act immediately after a problem is detected is important”, he emphasizes.
“What it apparently had was access to the invasion’s database, which allowed this, while the availability of data disappeared”, explains Simplicio. With the delay to restore this data or perform a backup, due to the lack of preparation with simulations and tests, there was no quick response to the problem and the MS system was down for a month.
How to avoid?
One tool that would avoid this situation is encryption done locally. “A good example for protection, where you prevent someone from accessing the data, could be cryptographic hardware locally. If someone accessed your database […] he would have to ask this hardware to decrypt the data one by one”, highlights the professor.
In this case, if there is an abnormal volume of data access, it is understood that someone is trying to circumvent the protection system. The system itself blocks this user’s access, until someone in the area sees the problem. Another measure that could be done, in addition to the use of technology, is a risk analysis. “Trying to predict what an attack might be against your system and taking precautions,” says Simplicio.