This is a significant evolution, taking into account the size of the Portuguese market, and which denotes an unavoidable reality: the era of hyperconnectivity brings many business opportunities but also increases exposure to security risks.
“We realize that from 2024 to 2025 we will have a much greater evolution than what we had from 2023 to 2024, which means that the cybercrime economy is on a clear rise”, Pedro Soares, national security director at Microsoft Portugal, told Dinheiro Vivo. “Portugal has a greater risk in the sense that we have many SMEs [pequenas e médias empresas]. “This is one of the points that the study ends up focusing on.”
The numbers for Portugal reflect the global trend, as Microsoft saw an increase in analyzed patterns from 74 to 100 billion in the last year.
“If we think about the 100 billion pieces of data per day that we are analyzing, we realize that this hyperconnectivity is bringing more and more devices to be connected, because we have more intelligence, we have more information to process, we have more people connected”, highlighted Pedro Soares. But the person responsible does not look at the outlook pessimistically.
“Hyperconnectivity ends up being this transformative force that also involves having a new culture of security”, he explained. “I think it’s an opportunity.”
Growing threat
One of the most relevant points of the study is that 52% of attacks are for profit, via extortion or ransomware, and in 80% of incidents what the perpetrators want is to steal data. With Artificial Intelligence tools increasingly accessible, the threat is growing exponentially. It is not only possible to automate attacks but also to create more realistic phishing content, which forces people to be more attentive. Furthermore, warned Pedro Soares, many devices may be infected with “infostealers” without users realizing it. More digital literacy is needed.
“Cybersecurity acts here not as a risk, but as we protect this device to ensure that we do not have this malware installed”, he highlighted, “or when we do, we mitigate this risk.”
Soares pointed to the fact that each person has a growing number of connected devices, from personal devices such as cell phones and laptops to smart lights and household appliances.
“Normally a person has, on average, 75 devices connected”, revealed the security director. “If you asked us we would say two or three, but in reality there are more than 70 per person”, he continued.
This reflects the always-on world, where many devices are both personal and professional.
“Hyperconnectivity effectively requires us to have a culture of safety and more hygiene in the security area, and this has to be available to anyone”, said Pedro Soares. “It’s not just the issue for companies. It’s the issue for all of us as individuals.”
A country of SMEs
According to the National Statistics Institute (INE), small and medium-sized companies represent 99.9% of non-financial companies in Portugal, with 96% belonging to the micro-enterprise category. This means that many do not have a budget or human resources dedicated to cybersecurity and may view it as non-essential. It is a risk that is multiplying in the hyperconnected world.
“If they are micro-enterprises, there are three or four people and the focus is on surviving, thinking about business first”, highlighted Pedro Soares. “Security is not top of mind.” The expert considers it important, therefore, that security literacy is taught in schools and becomes integral for each individual, not just in the context of companies.
“Often it’s not even because of the cost of the protection technology, it’s just because there is no knowledge”, he stressed.
How companies can prepare
The first step is to analyze the company’s operations and gaps, to understand where the errors that need to be corrected are. For companies created from scratch, the ideal is to have a cybersecurity architect or advisor who guarantees protection from scratch.
The next step is to have a ‘feedback loop’, that is, regularly analyze operations and understand what needs to change, because technology is evolving quickly. “We have more and more devices connected. Which means we have to look at risks that didn’t exist before.”
Finally, at least once a year it is important to provide training to employees in order to update their knowledge, especially in the age of AI.
Pedro Soares reinforces that AI can be used to automate and facilitate attacks, but at the same time it is a defensive weapon. “Technology is clearly here to help,” he said. “Artificial intelligence is our best ally in digital defense, especially for those who have fewer resources. Because if I have fewer resources, naturally I will gain even more from having artificial intelligence.”