When addressing data security, it is common to think first of major players in the IT industry, such as Fortinet, Palo Alto, FireEye, and Check Point. The predominant concern in companies focuses on acquiring equipment and resources capable of providing robust security for the protection of data and systems. However, many organizations limit themselves to staying within Gartner’s Magic Quadrant, mistakenly believing that this is sufficient to ensure the operational security of their businesses. While this is undoubtedly important, it is also worrisome, as only a minimal fraction of companies invest in security systems, and an even smaller portion adopt policies like Threat Management, making the majority of companies worldwide vulnerable to attacks.
With decades of experience in the field of Information Technology, I have witnessed numerous concerning situations, especially in a country like Brazil, which offers significant opportunities in the IT sector and contributes significantly to the global IT professionals’ landscape. However, it is also inhabited by individuals who exploit their intelligence and creativity for illicit purposes.
In this context, I identify social engineering associated with artificial intelligence as the predominant threat in the current scenario. Few systems and equipment are prepared to combat this type of attack, especially because it can be initiated internally by an employee with privileged access. Skilled individuals within large companies can leak confidential data or facilitate access to sensitive information, creating a criminal industry where there are potential buyers and opportunists willing to take risks. Moreover, even Big Tech companies exploit consumer data vulnerability and behavior analysis without proper consent, capturing day-to-day information for commercial exploitation and inducing unconscious actions, but that is another story.
Contrary to the stereotypical image of brilliant hackers breaking into impregnable systems, the current reality shows that many cyberattacks are conducted by astute individuals who do not necessarily possess advanced technical knowledge. By obtaining data, these criminals develop elaborate scams, investing time and money to build complex operations used especially for phishing through email, SMS, phone, WhatsApp, and even social media.
This criminal industry uses the obtained data to deceive potential victims, promising unrealistic advantages in acquiring products, services, and even easy money. They also take advantage of people’s lack of awareness in emerging societies, inducing unconscious actions. The practice of blackmail and threats, often using sensitive personal information, has also become a common strategy.
Phishing attacks have evolved considerably, with criminals cloning customer service channels of major companies, sending personalized billing emails, making false advertisements, easily obtaining passwords, and even cloning voices and faces using artificial intelligence. This scenario, where criminals invest heavily, has thrived, with little concern from authorities and major companies in the cybersecurity sector.
Victims, often inattentive or eager for advantages, suffer significant losses. This cycle of errors and lack of concern, especially from those in the Magic Quadrant, will continue to grow, amplified by the advancement of artificial intelligence and the trend of Big Tech companies isolating people in bubbles, preventing them from seeing the obvious reality.
Information security has become a more complex and comprehensive battle than the mere adoption of cutting-edge equipment. It is imperative to invest not only in technology but also in human resources and social awareness to mitigate the growing risks associated with social engineering and artificial intelligence. In the end, we are all part of this digital narrative, and security is intrinsically linked to our human understanding and our ability to protect each other.
By Marcelo Stolai, Business Development and Partnerships at Optimi Technology