The Federal Court of Auditors of Brazil has published a brochure on the high-risk situation that federal public bodies continue to face in terms of cybersecurity.
In the document, the tribunal offers urgent recommendations for public sector managers to mitigate the risks of cyber incidents that “can significantly harm the government and citizens and negatively impact the digital transformation process in the country.”
The court recalled the cyber incidents that hit some federal organizations, such as the Department of Health last December, which suffered a hacker attack that hampered the issuance of the national Covid vaccination certificate and the updating of data on the pandemic.
The brochure was prepared on the basis of a court inspection, which found that most public bodies are still at an early level of maturity in terms of information security and cybersecurity control – a situation that increases the risk of cyber threats and attacks.
The study showed, for example, that more than half of the 377 public organizations analyzed do not adequately manage material that is not authorized by the administration of the agency, do not maintain a process for assessing and monitoring hardware and software to mitigate vulnerabilities, or do not have a process for receiving incident notifications.
With that in mind, the Court of Auditors document outlines cybersecurity actions that federal agencies need to implement urgently. Public managers need to inventory and control company IT equipment and software, provide ongoing vulnerability management and incident response, and establish security awareness and training programs.
Last June, the Court of Auditors published another report showing that two years after the entry into force of the General Data Protection Law (LGPD) in Brazil, government agencies still had a long way to go to fully comply with new data protection and privacy standards.