“Europe has a very considerable lack of specialized technical resources in the area of cybersecurity”
“Employee awareness is fundamental to any organization’s cybersecurity, as they are often the first line of defense against cyberattacks.”
How important is patch management for Portuguese companies, especially in light of NIS2? What are the biggest challenges companies face in this area?
One of the most commonly used attack vectors in cybersecurity incidents is the exploitation of software vulnerabilities, vulnerabilities for which software updates almost always already existed to eliminate them. A very significant number of organizations have low maturity in this respect, which means that they apply updates very infrequently, or apply them according to their criticality, or apply them on a fixed and infrequent basis.
NIS2 clearly mentions the need to ensure good practices in this area. In particular, it is intended, on the one hand, to ensure that software updates associated with critical/high vulnerabilities are dealt with much more quickly (even more so for assets exposed to the Internet). On the other hand, the aim is to cover – according to the risk – the entire asset park.
How does Eurotux help companies identify and correct vulnerabilities in their systems? What tools and methodologies are used?
Eurotux includes multiple patch management activities in its clients’ Managed Services contracts in accordance with best practices (ensuring, for example, rollback in the event of problems and, whenever possible, testing patches in test/development environments). What’s more, Eurotux implements patch management technology projects and draws up policies for its clients.
To what extent can automating patch management contribute to better protecting companies? What technologies and tools does Eurotux recommend?
Automation speeds up the application of software updates (it is important to ensure that there is a form of rollback and testing), with the result that the platforms covered are vulnerable for less time. Automation thus contributes to efficiency and typically reduces human error and exposure to vulnerabilities.
How can managed cybersecurity services benefit companies, especially smaller ones? What are the main benefits and how does Eurotux differentiate its services in this segment?
Europe has a very considerable lack of specialized technical resources in the area of cybersecurity, which makes it very difficult for companies to create teams with this type of skills – especially smaller ones. Managed Services are the possibility for these companies to integrate this increasingly important valence into their structure.
What kind of continuous monitoring does Eurotux offer to detect and respond to cyber threats? What are the most relevant performance indicators for cybersecurity?
Eurotux provides its clients with a continuous cybersecurity monitoring and response service with the SOC (Security Operations Center) service, which permanently monitors security events in clients’ infrastructures and correlates these events with external intelligence information. For example, it is essential to identify the most critical events, the attack vectors and the corresponding remediation activities.
How can Eurotux’s Backup and Recovery solutions contribute to companies’ resilience in the event of cybersecurity incidents? What are the best practices for guaranteeing data integrity and availability?
In several strategic cybersecurity benchmarks, one of the fundamental pillars is Recovery. Backup and Disaster Recovery solutions are precisely the key to ensuring that, when an incident occurs – and incidents are often caused by internal employees – there is the capacity to ensure the recovery of data and systems and reactivate operations.
What impact is NIS2 having on the Portuguese cybersecurity market? What are the main challenges and opportunities that the standard brings to companies?
NIS2 represents a significant evolution in the European cybersecurity landscape and, consequently, in the Portuguese market. By imposing stricter requirements in terms of risk management, incidents and reporting, NIS2 pushes companies to invest in more robust cybersecurity solutions and services, not without some challenges, which need to be overcome.
For example, NIS2 increases the complexity of security measures by introducing a broader set of technical and organizational requirements, requiring companies to have a deeper understanding and implement more complex strategies. These changes imply high costs, especially for smaller companies, which face challenges in investing in technology, qualified personnel and security processes. The growing need for qualified cybersecurity professionals also exacerbates the situation, creating difficulties in hiring and retaining talent. In addition, the rapid adaptation required to comply with the new standards demands great agility and flexibility on the part of companies, which extends to risk management, making it more complex and requiring continuous evaluation and adaptation of existing security measures.”
What are the main requirements of NIS2 and how can Eurotux help companies ensure compliance?
NIS2 stipulates strict requirements to ensure cybersecurity in organizations. Companies are obliged to carry out regular risk assessments, identify vulnerabilities and implement appropriate mitigation measures. It is essential that they have an incident management system that includes the detection, response and effective reporting of incidents to the relevant authorities. In addition, they must develop business continuity and disaster recovery plans to ensure continued operability in the event of incidents. Cybersecurity governance and management must be robust, with well-defined responsibilities. On the other hand, it is crucial to raise awareness among employees and provide them with ongoing training in order to minimize the risk of human error. Companies also need to assess and guarantee the security of their suppliers in order to protect the supply chain. Finally, in the event of security incidents with a significant impact, notification to the authorities must be made within an established timeframe, ensuring transparency and proper crisis management.”
Eurotux, as a company specializing in cybersecurity solutions, offers a range of services that can help companies achieve NIS2 compliance.
We carry out customized risk assessments to identify vulnerabilities specific to each organization and propose appropriate mitigation measures. We offer a wide range of security solutions, including firewalls, intrusion detection systems and identity and access management (IAM) solutions, to strengthen companies’ security. We assist in implementing incident management systems, defining processes, creating response teams and conducting simulations to ensure effectiveness. We can help with specialized cybersecurity consulting, covering everything from implementing security policies to conducting audits and long-term security strategy. And, not least, we implement identity and access management (IAM) solutions, which are essential for controlling access to systems and data, thus minimizing the risk of unauthorized access.
How important is employee awareness for companies’ cybersecurity?
Employee awareness is fundamental to any organization’s cybersecurity, as they are often the first line of defence against cyberattacks. Most security incidents are the result of human error, such as clicking on suspicious links, opening malicious attachments or inadvertently sharing confidential information. Promoting awareness helps employees recognize and avoid the latest attack tactics, thus protecting company assets, especially confidential and sensitive data to which they have access. By investing in awareness, companies foster a robust security culture in which all employees feel involved and responsible for protecting company data. This approach not only improves security but also reinforces a proactive stance in the face of growing threats.
What are the main cyber threats facing Portuguese companies today?
Portuguese companies, like those around the world, face a range of cyber threats that continue to evolve and which put the critical need for robust and up-to-date cybersecurity strategies at the forefront of concern. Among the main current threats are phishing and social engineering, which involve fraudulent email messages or communications on social networks that impersonate trustworthy entities in order to extract confidential information or install malware. Ransomware is also a major concern, with attackers encrypting critical data and demanding ransoms for its recovery. Other threats include malware such as viruses, worms and trojans, which can infect and steal data from systems. DdoS (Distributed Denial of Service) attacks overload servers, preventing legitimate users from accessing them, while brute force attacks relentlessly try to guess credentials to access systems or accounts. In addition, cyber-sabotage represents targeted attacks with the aim of causing damage or disruption to specific companies. These threats highlight the critical need for robust and up-to-date cybersecurity strategies.
Interview published in Digital Inside.
