The three main hack cases in Portugal recently were related to SL Benfica emails, the PLMJ, and the Champalimaud Foundation.
The intern files of PLMJ, one of the biggest law firms in Portugal, were illegally accessed and disclosed containing corrupt information about SL Benfica known as E-Toupeira case and information connected to the Marquês Operation, a case that accuses the former Prime Minister José Socrates of being corrupt. The Champalimaud Foundation, one of the most important buildings in Portugal that focuses on the development of advanced biomedical research programs and interdisciplinary clinical care delivery, declares that they were a victim of a “hack without precedents”.
Football, justice, and health, just to quote these three cases, were in sight of hackers who steal information and destroy value, as the old corsairs rap women and burned boats. But in Portugal, there’s still a long way to go. The SL Benfica emails aren’t being taken care seriously, the PLMJ documents are being spread with joy and what happened in the 44 hours “until all systems were fully reestablished in the Champalimaud Foundation”, no one knows.
In almost every indicator, Portugal stays below the European Union average in terms of cybersecurity, even though the problem is seen as serious by companies like a study made by the global leader in insurance broking and risk management, Marsh, demonstrates. But realizing that 70% of the members of the administration counsels classify the Cyber-Risk as one of the most preoccupying and just 14% are confident in the response capacity of their companies, is an incomprehensible mystery. Just in Portugal.
Another report, by the Strategy office and studies by the Economy Ministry, organized by Gabriel Osório de Barros, leaves companies and the State in a bad position and shows a cyber unprepared and delayed country, with inefficient and badly applied security services.
An example of that is Portugal being the third country in the European Union that suffers more with malware attacks (computer virus) and the eighth-most vulnerable, and where only 2.3% of the servers hosted from Portugal is cyber insecure at everyone’s sight.
Maybe because the protection of personal data law was just passed the last month, a year after it came into effect, there were only applied four penalties in the total value of 424 thousand euros, however, there won’t exist any excuses now. The values to pay can reach 4% of the annual business volume, with a limit of 20 million euros for big companies and 2 million euros for medium companies.
When tax authorities understand that there is revenue here, no one escapes.
Originally published in Portuguese at Jornal de Notícias