The risks are always just around the corner, or, in this case, setting a new password without following all the precautions, or replying to a suspicious message with personal data. From the economy to everyday life, cybersecurity is a cross-cutting issue.
"As society becomes more digitalized and connected, naturally the criminal phenomena that occur in the digital space also increase, and sometimes exponentially," says Nuno Serdoura dos Santos. The prosecutor at the Attorney General's Office - Oporto Regional DIAP was one of several personalities and institutions to attend the sessions of the Security Council project, with digital security always as a common thread and culminating in the survey that you can find out about on this page.
"The prospect of a computer attack that paralyzes the functioning of a company or group," he warns, "has enormous consequences for the functioning of the organization, in addition to the well-known reputational damage associated with such leaks."
He reveals: "Most computer attacks on companies and institutions are not carried out by traditional computer security breaches, but by social engineering phenomena associated with capturing employee credentials, thus putting the security of organizations in crisis."
"Unfortunately, many companies still treat cybersecurity as a secondary priority until they are directly affected by an attack," believes Rui Duro, general manager in Portugal at Check Point Software Technologies, for whom "today's major risks, such as ransomware attacks [destroying or blocking access to critical data or systems until a ransom is paid], phishing [getting people to reveal personal information] and exploiting vulnerabilities, are becoming increasingly sophisticated and difficult to detect."
We are facing a scenario in which "cybersecurity will get worse before it gets better", because "organizations tend to invest in one-off technologies without a comprehensive strategy" and "complacency and the lack of a security culture among employees increase vulnerability".
According to the managing director of GfK Metris (responsible for the survey), António Gomes, "there is a blank space that needs to be filled in, which involves raising awareness among employees, but also concrete measures to anticipate and mitigate risks in companies". As an example taken from the results, "60% of companies have no measures in place for the professional use of personal devices".
Just "think that these devices are often associated with breaches of security protocols". If, on the one hand, "40% admit that they are more concerned about cybersecurity threats today than they were 12 months ago", on the other hand, "half are not very confident about their company's current ability to protect itself against cyberattacks".
AWARENESS CAMPAIGNS
Add the lack of strict standards to the increase in the volume and sophistication of cyberattacks and you get an explosive cocktail, with an official Navigator source pointing out that "cybersecurity is not just about technology" and that "having a person responsible for cybersecurity governance is essential", as is "having a training plan" that reaches everyone. "We work in a digital environment all the time due to the dematerialization of processes," explains the executive director and researcher at InnovPlantProtect, Pedro Fevereiro, for whom there is no doubt that "a poorly protected structure is an easy target for those looking to find innovation through hacking."
In the agricultural sector, in which the "private non-profit association" works, "the traceability data that can exist from the management of the agricultural crop to the placing of the product on the market is sensitive both from the point of view of its quality and its marketing". This is one of the reasons why "blockchain is currently being used to guarantee the security of this type of data and to ensure value throughout the value chain, from production to marketing to the end consumer".
Something common to sustainability, where "companies rely on digital systems to monitor their carbon footprint, waste management and other activities," recalls Nathalie Ballan. "Traceability/value chain information, particularly the certification of raw materials, is increasingly relying on blockchain systems linked to information analysis systems." For the president of Sair da Casca, it seems clear that "a cyber attack could disrupt these systems, causing lapses in operations and compromising environmental objectives".
Not to mention companies that "run the risk of being attacked for other reasons", by "environmental activists and hackers", with the aim of "denouncing the lack of climate action or the failure to respect human rights as a form of protest".
Threats to which António Gomes adds "future developments with artificial intelligence", which "will tell us which path cybersecurity will take in the fight against cybercrime".
WHAT THE POLL SAYS
According to a study on cybersecurity carried out by GfK for Expresso among 255 people from different companies, preparation for digital attacks is fundamental.
89% of respondents have no doubt that cybersecurity is a priority issue to ensure the full operation of their company's activities
65% of companies have a designated person responsible for overseeing cybersecurity, but among those that don't 92% are not looking to appoint one
18% of respondents consider themselves capable of recognizing and avoiding cyber attacks
Security Council. The world is surrounded by a number of threats. Expresso, with the support of Sonae, Galp, Altice, Allianz, Morais Leitão and ACIN, created a council to assess our technological, military, legal, health, state and corporate security. It took six months of discussions with experts. This project is supported by sponsors, and all the content is created, edited and produced by Expresso (see online code of conduct), without external interference.
EXPRESS
Tiago Oliveira, Journalist