João Pedro Serrano, Vice-President of the Alumni Board wrote an Opinion Article for the printed edition of Expresso.

 

According to João Pedro Serrano, we should expect an increased frequency of cyberattacks, like the ones that struck major Portuguese companies and institutions in early 2022. Cybersecurity will continue to be an increasingly important topic for both companies and governments. It affects aspects of intellectual property, finances and service delivery/digital processes accessibility, and can even threaten the survival of organizations targeted by attacks.

 

The author contends that the public outcry, and apparent surprise, following the recent attacks offers proof that our society is underprepared to address this issue. In addition, subsequent analyses of the security breach exposed a lack of concrete knowledge about Cybersecurity and IT in general.

 

Furthermore, he offers three core notions, gleaned from 17 years of experience in cybersecurity, to help readers grasp the essence of what is at stake:

1. Cyberattacks are something that all companies with a digital presence suffer daily, the vast majority fail but some with succeed. The best organizations have structures and processes that assume this happens, and that operate to minimize any damage that an unauthorized intruder can do as well as the time he remains undetected.

 

2. People continue to be the center of any organization and this also true in cyberattacks. Most attacks exploit incorrect human behaviour, so it is possible to greatly reduce the likelihood of successful attacks, at a low cost, by working on processes and people. Other more sophisticated attacks can be addressed with advanced tools and techniques, such as Artificial Intelligence.

 

3. There is always the possibility of a successful attack even with the best security in the world. Therefore, any company, government or other institution that has digital processes must be prepared for the possibility of these becoming unavailable. This implicates identifying what is most critical, ensuring redundancies and backups, and on having alternative offline/non-digital processes for absolutely vital functions.

 

To become a more digitally secure country, the author highlights the importance of personal responsibility and awareness. Citizens, be they students or employees, should receive appropriate education or training. Warning that one person’s laxism towards data protection can lead to exponential consequences, he describes Cybersecurity education as essential to protect the personal, economic and political life of all Portuguese citizens.

 

Read the full article (original) in Portuguese here.

Source: Expresso