Celebrating cybersecurity month

To celebrate the month of cybersecurity, Porto Tech Hub engaged in a conversation with its associated companies, Armis and i2S, asking them three questions about this subject, which has become more important, not only in the IT world but in modern society as a whole. Here are the thoughts of Rui Costa, CTO at Armis, and Pedro Santos, Performance Architect/CISO at I2S, on the matter.

 

How has the role of cybersecurity evolved in the company in recent years?

Rui Costa, CTO @ ARMIS: As a company, the role of cybersecurity has increased exponentially. Over the last years, the increase in security risks has been significant, as well as the requirement for us as a company to demonstrate compliance. This relationship, in the market, is not often so evident for everyone. This also led us to assess the importance of cybersecurity as a company which provides consultancy and services in the matter.

Armis, as a company specialized in security, had already highlighted the issue of cybersecurity with its customers and, lately, the importance and need for support has proved to be not only a confirmation of our approach, but also a priority in the market. The transformation of services and technologies over the last years has meant that the topic of cybersecurity must be seen as a discipline and not as an off topic.

The evolution of technologies and services has always shown the need to monitor our cybersecurity state, constantly adapting to the changes imposed by these transformations, which led to a need to take advantage of technology without putting the business at risk and without cybersecurity having to be a blocking force on the path of transformation and growth.

 

Pedro Santos, Performance Architect/ CISO @ I2S: I2S is a company that produces software for the Insurance business area, which, in the case of life insurance, is normally linked to the Banking sector. In Banking, security/cybersecurity is a topic taken more seriously than in other sectors of the economy, for some time now. However, the cybersecurity theme has always deserved special attention from I2S. It is clear that, over the past few years, we have given even more attention to this issue, first, because the number of computer attacks in the world has skyrocketed, namely, in the area of Banking / Insurance; second, because of the change in the shareholder structure, which makes the company more “attractive” as the target for a computer attack.

The Insurance sector in Europe has undergone transformations, both due to the economic situation and the change in the legislation in force, to protect customers of Insurance companies, which has forced I2S to rethink its modus operandi regarding this issue. With this, in 2018, the company decided to obtain an information security certification (ISO 27001). With the certification project, the company made a real investment in processes, monitoring tools, cyber security awareness campaigns, etc. This investment was based on giving I2S a competitive advantage, since it allows us to guarantee the confidentiality of the information that is handled, as well as to guarantee business continuity, in case there’s a computer attack.

 

What changes did you have to adopt during the pandemic period in this area?

Rui Costa, CTO @ ARMIS: The growing number of remote workers and home computers being shared over the network has created unique opportunities for threats and attacks. This was a finding that we recognize in our customers. Specifically, for Armis this has been a reality for a long time; it is part of our way of working to adapt to new realities and the market, with a lot of mobility, flexibility and security in accessing technology.

Nevertheless, in this new normal, as a company, we quickly adapted, considering that our teams were already used to a hybrid work environment and had all the necessary tools to carry out their activities safely.

However, as providers of advanced security solutions, we had the challenge of providing our partners and customers with functionalities and mechanisms so that all the data of the organizations and their employees were protected. We felt that it was a real stimulus to respond quickly and effectively to all requests for help from partners, to implement solutions that would contribute to the safe adoption of remote work.

The reality is that most people tried to find their own methods to continue their work activities, often resorting to alternative, inappropriate and unsafe practices, which led to an interruption in collaboration and security. Supporting all our clients and requests in this new stage was a huge challenge, not least because the way to provide services in this new reality also involved supporting ourselves and our customers in these scenarios in new technological ways.

 

Pedro Santos, Performance Architect/ CISO @ I2S: The decision made in 2018 for the company to obtain an information security certification (ISO 27001) caused a reflection on several issues in the information security transmitted among us. I would say that we anticipated the changes that were necessary to carry out for us to adapt to this pandemic situation. In fact, cybersecurity is just one topic in the big information security hat that we had just implemented, and this pandemic served to test what we idealized in the project phase. Of course, we had to make some adaptations, particularly in the bandwidth of our external network, to be able to respond to all requests from company employees. However, it was gratifying to see that what we defined works and gives us indispensable security guarantees.

 

 

Do you want to give any advice to companies that do not yet invest in cybersecurity?

Rui Costa, CTO @ ARMIS: ARMIS has more than a decade of experience in security, which is why we know that most organizations only consider it after being victims of a threat or attack.

We advise the adoption of solutions that respond effectively to incidents, that protect the organization, users, devices, and data of the organization, without ever compromising business productivity. Increasingly, solutions that take advantage of all events of these dimensions can provide us with intelligent protection systems, capable of being proactive in protecting our information, monitoring behaviours and offering us ways to protect our security posture.

We recommend the adoption of solutions based on the three main pillars of security, such as identity and access management, threat monitoring and continuous protection of devices. The idea is to integrate these with the entity’s local infrastructure to allow greater collaboration and team efficiency.

We also suggest that everyone strengthen their security posture with intelligent guidelines and information that will protect the corporate environment. When employees are unaware of the importance of digital security, they end up being a gateway to attacks and threats.

 

Pedro Santos, Performance Architect/ CISO @ I2S: What I think about the topic is quite simple – fraud/computer attack has always existed and will exist in different areas and branches of business. It is up to each company to anticipate the possible constraints that may arise and, if such situations happen, that it is possible to cancel the attack, identifying its origin, correcting and bridging weaknesses, so that there are no new recurrences. Currently, there are many tools that can help organizations/companies with information security problems; however, without changing the habits of their/our employees, the task will be arduous. From where I stand, we have options:

  1. From the point of view of the organization / company

Most people have heard of Phishing, Ransomware, Malware, Social Engineering and DDoS, but not everyone is an IT expert, so it is necessary to educate people that blocking their PC, smartphone or other electronic equipment is as natural as closing the door of their home. Also, their credentials (user/password) should not be shared or kept in unsafe places, just as they would not do with their personal bank information. For me, this is, without a doubt, the biggest challenge for organizations in the subject of computer security.

  2. From the point of view of the market

Being a continuous task and with associated costs, it must be a competitive leverage, both as a guarantee to the customer that the shared information is kept in safe places, as well as to guarantee the continuity of the business. This will help companies not only to differentiate from their competitors, but also to become a partner to their customer, within the scope of cybersecurity. From my point of view, this is the only way it will be welcomed by all the structures of an organization.

 

 

23 October, 2020