The world is becoming more and more digital, the nature of the threats is changing, and companies are not very aware of this change. It was with the goal of preparing companies for the digital threats of today and tomorrow that the CCG – Centro de Computação Gráfica – held the workshop “Cybersecurity: Risks, Opportunities, and Compliance”, through its domain of applied research EMPQ : “IT Engineering Process Maturity and Quality”. The event was attended by several experts imbued by the spirit of the European Cybersecurity Month.
Cybersecurity: on the way to maximum protection
After the initial presentation of the CCG and the EPMQ, by Ricardo J. Machado, Scientific Coordinator of the Lab IT EPMQ, Dr. Ameer Al-Nemrat, from the University of East London, presented the challenges of digital forensics.
In this chapter it is necessary to investigate people, processes, data and things (apparatuses), and the challenges in the forensics of the Internet of Things are varied: from the size of the objects to the location (cloud, etc.), the relevance of the apparatuses to the legal aspects (access, mandates) from networks to available tools.
It is necessary to find out what people are doing, what is happening in each moment, in each person, as well as to take into account the devices used and to identify a crime zone. Know the: how? Where? When? Why? However, analyzing all the information at hand is a daunting challenge.
Dr. Ameer Al-Nemrat and the digital forensics of the Internet of Things, where “the devices themselves become suspects”.
Hans Hedbom, from Karlstad University was the second key note of the day. He addressed topics such as privacy in the digital world, information security, essential ISO standards, failure and success factors in the GDPR process, and what can be expected over the next two years in the GDPR universe.
Hans Hedbom and the GDPR introduction success factors
After a lunch break, with CCG project demonstrations (AGATHA project and UH4SP project), the second part of the workshop began, with three different panels on the multiple dimensions of the same theme: cybersecurity. These panels brought together several experts from well-known organizations in an extended conversation to the dozens of participants at the event.
AGATHA and UH4SP projects demonstrations
Cybersecurity under discussion
Panel 1 – “Can improving security be an opportunity to improve business??”
Moderator: Ralf Braga (Talkdesk)
- Marco Pereira (Bitsight)
- António Jesus (Thales)
- Manfred Ferreira (Warpcom)
Some loose notes:
- Insiders are the bigger threat, it is necessary to create awareness on companies.
- A DPO is not merely a check-box to fill.
- Large groups know when they will be attacked, social network surveys can tell us what will happen.
- Where can we go against these threats? Probably the cloud.
- Cybersecurity training in companies is required. The ecosystem must be in compliance. You have to create a strong core.
Panel 1 of the event
Panel 2 – “Cybercrime: are we ready for a cyber attack?”
Moderator: Luís Azevedo (itSMF)
- Ana Pipa (IPTelecom)
- João Manso (Redshift)
- Raul Azevedo (WeDo Technologies)
Some loose notes:
- People who are dealing with cybersecurity issues have to know the home as the teams themselves. It is necessary to have processes and involvement of all from the beginning to create prevention
- Investment in prevention is often poorly conducted and cybersecurity training is still very rare in Portugal.
- To prevent it is necessary to know the size of the threat.
- How well do we know our house? We need to know if a device is integrated or if someone is getting data from our home.
- Detecting failures and getting a report can take months. It takes a workflow to respond to situations and everything has to be interoperable.
Panel 2 of the event
Panel 3 – “The alignment and misalignment between what the market needs and what the education system provides”
Moderator: Henrique Santos (UM – EPMQ)
- João Paulo Magalhães (IPP)
- Pedro Inácio (UBI)
- Ricardo Marques (S21 Sec)
- Hermano Correia (APCER)
Some loose notes:
- The courses are very generic. Cybersecurity is a very large area in universities. The masters are more focused on the technological part.
- Finding professionals with adequate skills and soft skills is a great challenge. Companies lack human resources with skills and experience, capable of managing situations emotionally.
- More ethical behavior is required and self-learning is encouraged in students. To encourage students are provided principles but students have to develop skills by themselves.
Panel 3 of the event
Closing the event was Ana Lima, Lab IT EPMQ Development Coordinator.