Information systems security is an increasingly prominent concern for organizations around the world, and Portugal is no exception. With the increasing digitalization of business and the increase in cyberattacks, cybersecurity has become essential to guarantee business continuity and protect organizations' assets.
In the last 21 months, Portugal suffered 9 thousand cyber attacks, according to the CyberTrends report. Cybercriminals are exploring various techniques, such as phishing and ransomware, two types of cyberattacks most used in Portuguese organizations or institutions. According to an IBM report, Portugal was the third European country most affected by computer attacks, behind only the United Kingdom and Germany.
Portuguese organizations have seen cyber attacks grow exponentially in recent years. The average weekly number of attacks in Portugal increased in the first quarter of 2023, according to information from Check Point Software, where the same organization was attacked 1,065 times per week, a number above the European average. The main organizations targeted by cybercriminals belong to the areas of education and health.
Faced with these threats, it is necessary for Portuguese organizations to adopt proactive approaches to strengthen their Cybersecurity posture. Of the initiatives that are already being adopted in the country, we see the role of the State, with the creation of cybersecurity centers and the implementation of policies and regulations that encourage the protection of digital assets, which are aligned with European Union policies, such as adoption of the Cybersecurity Act, NIS 2, the Digital Markets Act/Digital Services Act, among others.
Furthermore, collaboration between organizations and the National Cybersecurity Center (CNCS), among other regulatory authorities, plays a crucial role in combating cyber threats and increasing cybersecurity.
However, facing cybersecurity challenges is no easy task. Many organizations still struggle to balance security with productivity and operational efficiency. The implementation of security solutions is often seen as an obstacle, as it can restrict access to certain applications and information. Additionally, concerns about the costs involved in designing security measures may also hamper the widespread adoption of robust cybersecurity practices.
Another challenge that has emerged in recent years is the increase in remote work, driven in recent years due to the COVID-19 pandemic.
Although remote working offers benefits in terms of reducing the ecological footprint, it also presents major difficulties in relation to cybersecurity, such as:
Home networks, in general, are less secure than corporate networks;
Remote work environments can increase the attack surface for cybercriminals;
Employees working on personal computers at home may not have the same level of control over managing updates for their own devices, which can pose a risk to organizations.
Therefore, organizations need to find a greater balance between flexibility and security, so that security practices are followed by everyone, even outside the office environment.
As we move closer to the future, it is essential that organizations in Portugal continue to invest in appropriate cybersecurity solutions and adopt a proactive approach to facing constantly evolving threats. Collaboration between the public and private sector, security awareness and the implementation of robust practices are fundamental to ensuring the protection of digital assets and business continuity.
The state of cybersecurity in Portugal faces emerging challenges, but protection strategies are being developed to face them. Cybersecurity is a priority for organizations, which invest in customized solutions and collaborate with regulatory authorities. However, the balance between security and operational efficiency, as well as the challenges of remote work, require continued attention. The implementation of measures to
Security and risk awareness are crucial to ensuring a safe and resilient digital environment in Portugal.