National companies still have a long way to go with regards to the continued implementation of cybersecurity practices. For Luís Lobo Silva, information security associate partner at Crowe Portugal, viewing investment in information security as a permanent procedure and not a one-off procedure is a matter of survival.
“With regard to cultural and social risks, organizations look at this as a cost, but it is necessary to look at it as a way to bring competitive advantage to organizations, improve processes and response to potential cybersecurity incidents“, he defended at the Grand DN Conference, which takes place this Monday, 15th, at the Champalimaud Foundation, in Lisbon.
The representative of the consultancy specialized in taxation, auditing, consultancy and outsourcingwho spoke on the panel dedicated to the motto “Cyber-threats and new risks”, recalled that companies are exposed to various types of risks and that it is urgent to identify critical services and the assets that support them.
“Nobody is immune to the risks, it’s just a question of when it can happen”, he warned. The same opinion was shared by Rubidex.ai’s vice president for European Operations. “Having cybersecurity and competitive intelligence professionals in companies are continuous investments that must be cultivated within the organization. Threats change and people with high experience need to be alert”, added Hugo Costeira.
For the spokesperson for the technology company, which develops platforms to help companies manage and process data using AI, “There’s no point in hiring a professional to deal with a specific problem if you don’t follow up afterwards” to cybersecurity practices.
“We have most of the things mapped out and we know what the risks and threats are, what doesn’t change is people’s mentality. Within a large company, the IT people don’t like the cybersecurity people and this is a cultural problem”, he pointed out.
Hugo Costeira also considered that within the range of risks in this chapter, the human factor is “the weakest link in the chain” and the most effective way to respond to this obstacle is training. “It is important to understand where organizations can help this weakest link and training is the answer. If we have difficulties helping the employee, how can we provide employees with tools that can then help the organization?”, he asked.
The coordinator of the National Cybersecurity Center detailed that, currently, Half of the incidents recorded in the country are due to the victims’ inability to deal with new technologies in security systems. THE phishing and fraud systems account for 50% of episodes, followed by ransomware.
Lino Santos highlighted the lack of means to solve problems as one of the main problems identified in companies. Finally, ANACOM administrator, Marco Biscaia Fernandes, listed the main challenges on the regulator’s side. “There is a past very focused on two delimited sectors: electronic communications and the postal sector. ANACOM’s activity has always been very focused on regulation and supervision and, at this moment, it is faced with a major challenge in moving to a more horizontal sector of technology supervision“, he explained.
It is recalled that ANACOM assumed the duties and powers of National Cybersecurity Sector Authority at the end of last year. In this new capacity and within the scope of the diploma in Diário da República, it will integrate the institutional framework of cybersecurity, with regard to the matter of electronic communications and the postal service. Marco Biscaia Fernandes He also listed the attraction and retention of talent in digital areas as one of the main constraints.
