
Interview with Infosec Team

January 24, 2023

We are continuously evolving our Information Security and Cybersecurity services!

Cybersecurity is a very debated topic today, much due to the constant attacks that the world has been subjected to. Given these events, many companies have realized that more and better processes and investments in this area are necessary. Analyzing the national market, how do you see the evolution in this area?
Portugal has been no exception when it comes to increased investment in cybersecurity. Covid-19 brought new challenges that forced companies to adapt to a reality that carries risks such as the need for remote access of their workers. There has been a trend of increased visibility of the population regarding the dangers in the use of technology, a greater attention to the risk of non-compliance with the GDPR and an increased demand for professionals trained in this area, leading to a greater demand for academic specialization in the area of cybersecurity. Unfortunately, Portugal has also not escaped the increase in cases of cyber attacks in both corporate/state and personal environments (phishing/smishing attacks, MBWAY scams, ransomware, exfiltration and sale of personal data on the dark web, among others).
One of the notable national events was the creation of the CNCS in 2014 with the mission to “contribute to a free, reliable and secure use of cyberspace of national interest,” and to act as the operational coordinator and national authority on cybersecurity and awareness. Crossjoin recognizes the vitality of the need to protect against cyber risks, as well as to ensure the protection of its data as well as its customers’ information. For this reason, it invests in improvements in Information Security practice, demonstrated in obtaining ISO 27001 certification. Similarly, we identify in our customers and partners an increase in investments in this area, but still insufficient against the level of attacks they are subject to.

The truth is that Cybersecurity is a priority for Crossjoin, which regularly alerts that both users and organizations must realize that the risk of Cybersecurity attacks is real. Do you think that this warning is now properly “heard” and that society, in general, recognizes the critical impacts of lack of Cybersecurity? What are the reasons?
We consider that there has been progress in society’s self-awareness, as a result of their own experience as victims of cyberattacks/computer mockery, as well as thanks to the increase in media coverage of cyberattacks.
However, in general, society is still not properly aware of the precautions to take regarding data exposure and transmission, nor of the impact that certain cybersecurity attacks can have on their lives. For this reason, we still see a lot of cases due to lack of attention or carelessness.
Unfortunately, many companies do not pay enough attention to the topic of cybersecurity, data privacy and/or do not have the financial capacity to educate themselves or prepare for threats, for example, exposure of critical customer data.
At Crossjoin we are very aware that the danger is real and we give this topic a high importance. We continuously work towards the maturing of our Information Security and Cybersecurity practices, as well as our internal Awareness and Awareness processes. The adaptation of our information security management system to ISO 27001 demonstrates our commitment to the subject. This certification reflects the effort in implementing processes that comply with the best practices in Information Security Management, and in adopting risk management methodologies and processes. The protection of our customers, partners, suppliers and employees’ data is one of our priorities!
Our Information Security Management team was created precisely to ensure the security of our information, investing in a highly specialized team in this area, raising awareness among our employees and preventing threats, thus minimizing the risks of possible attacks and their respective impacts.
We promote regular internal awareness training, where we ensure that our Crossers are aware of the various possible attacks, as well as ensuring that they know how to act if they are targets of such attacks. Our employees have a role of high responsibility, they are the first line of defense against these cyberattacks and we think all companies should start here! First, of course, they need to make this a priority, to make the necessary investments to equip their professionals with the knowledge and tools to deal with these real issues.

The truth is that it has recently been concluded that there are measures in the Legal Framework for Cyberspace Security that are not being followed. To better understand, what repercussions has this had?
The fact that the measures of the Legal Regime for Cyberspace Security are not being followed is partly due to cyberspace users not yet having full awareness and sufficient information about the risk of their behavior in cyberspace. The second part of the equation is the partial non-compliance with the obligations of the entities covered by this legal regime that fail to notify the National Cybersecurity Center (CNCS) of the occurrence of incidents and to “implement all the means and all the procedures necessary for the detection, impact assessment and notification of incidents with relevant or substantial impact.”
Continuing the 2021 trend, in 2022, the number of phishing and social engineering incidents represented the majority of incidents recorded by CERT/CNCS. It is urgent to strengthen diagnostic actions to continuously assess the resilience of Portuguese Cybersecurity.
The sharing of information between entities is also important to create synergies to combat new trends in cybersecurity.

After this study, it is possible to conclude that incidents grow by 42% and that the majority are related to phishing. Do you think that these numbers also result from the fact that the digital society has no developed defense mechanisms?
Phishing attacks have increased because they have a high success rate because the digital society is not sufficiently prepared to recognize this type of attack and the investment required for this type of attack is very low compared to other types of attack vectors that can be used.
Some phishing attacks are so well “built” that they manage to fool even the most attentive, as new, increasingly sophisticated and complex techniques often emerge. Thus, the best defense against Phishing attacks is Awareness. Awareness of the threats, types of attacks and possible effects should start as early as possible. Exposure to the Internet and the digital world starts earlier and earlier, so care and awareness should start with young people in schools and universities.

Some say that 2022 was a negative year for Cybersecurity in Portugal, warning that 2023 may be worse. In your perspective, in order to avoid that, what is the urgent need to establish?
In 2022 there were many attacks on large companies in Portugal, for example, the attacks on TAP, Vodafone, Sonae MC, Sporting and FC Porto official websites, however, the number of cyber attacks increased in all countries. Considering that most attacks originated from social engineering attacks, it is necessary to invest more in raising awareness, both in society and within companies to be more thoughtful in their interaction with technology.
Today, there are simulators of such attacks that allow “testing” users and thus identify targeted awareness actions.
The training obtained in the corporate environment also helps to make the same user aware of the same behavior outside their workplace.
Companies should also continue awareness campaigns for their customers to inform them of new social engineering techniques that use their name. It is also important that users report emails identified as phishing to companies and/or authorities so that they can inform their customers.
Unfortunately, it is not possible to identify what the next cyber-attack trend will be, so it is important that companies are continually aware of these trends and develop tools for protecting information, whether they be encryption or network monitoring to find a possible intruder.
Another necessity is the existence of vulnerability prevention/exploitation teams which aim to impersonate an intruder, to critically understand what the vulnerabilities of the system are and thus rectify/mitigate them so that they are not exploited by someone with malicious intent.

In this process of change and adaptation, brands like Crossjoin accept missions that seem impossible and that lead to customer success and, consequently, market progression. So, how has Crossjoin faced these challenges, turning them into opportunities?
Crossjoin is always attentive to the needs of its customers and the market, in order to always present the best solutions. This clearly requires us to constantly adapt and update with new concepts and technologies. This way, we can offer transversal solutions and allow us to become a very competitive company and, thus, differentiate ourselves from the competition.
The growing concern for cybersecurity issues has leveraged our security offerings. In all our offerings, whether in performance, development, or infrastructure, we have always had a strong concern with this issue of cybersecurity, particularly with preventive audits. With the digital transition and with the market reacting to the problems identified, Crossjoin is positioned as a strategic partner in the prevention and mitigation of this risk in a comprehensive and transversal way to our customers. The fact that we have teams with a high level of knowledge and transversal experience allows Crossjoin to make a diagnosis to understand where the points of vulnerability are and present recommendations and solutions.
We face any mission, be it cybersecurity, performance or development, in the same way: methodically, following our methodology; focused; and with the confidence that we have a team with transversal expertise which allows us to solve any mission, especially those that our clients consider impossible. Necessity brings opportunities and, as such, we are always attentive to our customers and to the market, seeking to present solutions that meet their needs.

Crossjoin has been witnessing the digital transformation at several customers, in several countries and continents for a few years now, and can testify that this is the direction in which companies and the economy can be saved. How does the brand play a crucial role in this transition, in terms of the security with which it is applied?
Digital transformation is an inevitable fact and must be done with maximum security and with as much knowledge across the board as possible. Cybersecurity should not be considered as an isolated technical silo, but holistically linked to all processes in the organization. As we are specialists in the optimization and infrastructure of information systems, we have knowledge in cutting-edge technologies and concepts, which makes us the ideal strategic partner at the time of this transition. Crossjoin has collaborated with its customers, providing them with tools and strategies so that, first of all, it is possible to foresee and anticipate any cybersecurity risk and assist in the continuity of their operations ensuring that they run with the best performance with maximum security.

The world of digital is constantly evolving. So, for the year that is about to begin, what new features will Crossjoin be increasing for the market? What can we expect in the area of security?
In the same way that technology is constantly evolving, forcing a rapid response when it comes to cybersecurity, the services provided in this area also evolve.
We are continuously evolving our Information Security and Cybersecurity services, in order to allow us to incorporate this component in any type of project. Thus, we can highlight ‘Information Security By Default & By Design’ and security audits (application code, infrastructure and processes) as the services that have the greatest impact on the companies that hire our services.
With current trends in mind, we have a diagnostic service ‘Cloud Security’, as well as a service dedicated to Information Security Management (‘Information Management Security Check’). In more mature organizations in terms of cybersecurity, we present ourselves as a partner for the implementation of zero trust architecture.
Internally we have our own cybersecurity competence center (SIG = Special Interest Group) that allows us to constantly update and improve on cybersecurity topics both for internal consumption and for our customers.

Information Security Management team Interview

Magazine Pontos de Vista