For the past three years, Brazil has taken crucial steps in working on legal frameworks related to cybersecurity, awareness, standards, and technologies. The government has recognized the need to prioritize cybersecurity among its institutions.
According to the Daily Swig website, consultations took place between The Brazilian government agencies and national Cybersecurity Incident Response Teams, the Organization of American States (OAS) and the University of Oxford’s cybersecurity center – aiming to evaluate Brazil’s preparedness for cybersecurity challenges.
“In particular, the country possesses remarkable strength in its handling of cyber incidents and in the existence of a cybersecurity awareness at various levels of government,” states the team, according to the Cybersecurity Capacity Review. Moreover, they added, “Given that Brazil has hosted several international events in recent years, this has allowed the development of cyber crisis management protocols by different response teams. Different government units maintain these action protocols with specific knowledge of their role, and they have been adapted according to different types of attack.”
Brazil is the second most affected nation in the world for ransomware attacks. The country ranks 70th in the ITU’s Global Cybersecurity Index and 61st in the National Cyber Security Index.
The Covid-19 pandemic presented many challenges for Brazil. Cyberattacks have increased dramatically driven by the increase in remote working. According to Security Intelligence, over 693 new malicious websites were created amid the spread of the Covid-19 pandemic. These websites benefitted from the government assistance program related to the pandemic. Alexandre Bonatti, Engineering Director at Fortinet Brazil states that “[Attackers] are finding a significant number of incorrectly configured Remote Desktop Protocol servers, which facilitates invasions,” according to ZDNet.
In February 2020, Brazil published its first national cybersecurity strategy aiming to increase the country’s digital trustworthiness and resilience against cyber threats. The country has been working seriously on strengthening the legal framework related to cybersecurity.
In August 2020, the Brazilian Data Protection Law came to force. Under this law, the organizations will be required to take security, technical, and administrative measures to safeguard personal data and National Data Protection Authority. Back in 2018, the Central Bank of Brazil issued a resolution, which regulates the adoption of measures in the field of cybersecurity. Furthermore, the Brazilian Internet Law that establishes principles, warranties, rights, and duties came into force in 2014.
Legislation improvements in Brazil may be a stepping-stone towards securing the digital sector. A new report published by the International Comparative Legal Guides “Brazil Cybersecurity Laws and Regulations 2020” states that the country covers common issues in cybersecurity laws and regulations in 32 jurisdictions. Hacking, denial of service attacks, phishing, infection of IT systems with malware, possession or use of hardware/software and tools to commit cybercrime, identity fraud, identity theft, are punished under the Brazilian law.