Scanning tools, technical testing, monitoring platforms and automated alerts have become common across many organisations and, as a result, most are now able to identify vulnerabilities. However, this has not translated into an equivalent reduction in the number of incidents. The problem rarely lies in the lack of…
For years, cybersecurity strategies have largely focused on external threats: ransomware, phishing, vulnerability exploitation or supply chain attacks. However, there is a risk that continues to grow inside organisations, often without malicious intent, without visible alerts and without going through normal security processes. That risk…
The problem is no longer the lack of policies or audits One of the main concerns for organisations used to be failing to comply with regulatory requirements. Failing audits, lacking documented policies, or not meeting the expectations of customers and regulators was seen as…
In recent years, the European Union has significantly strengthened its cybersecurity regulatory framework. NIS2, the Cyber Resilience Act (CRA) and DORA are often discussed together, which leads many organisations to treat them as equivalent. They are not! Each of these regulations addresses different dimensions…
Vulnerability management is far from being a new problem, but even so, it continues to be one of the weakest points in most organisations. There are numerous tools and alerts, but the number of exposed vulnerabilities continues to grow, and incidents continue to…
The European Union has been consolidating a regulatory approach that places digital security at the centre of economic activity. Initiatives such as the Cyber Resilience Act (CRA), the NIS2 Directive and the DORA Regulation do not emerge in isolation; they…
We are proud to announce the recently formed partnership with Codacy, a global leader in Application Security and code quality. By combining their expertise, the two companies are dedicated to helping organizations establish trust in their software by taking a…
Portugal is not behind when it comes to cybersecurity. In recent years, the sector has shown progress and greater maturity in several areas, but even so, there is a common trait that runs across different organizations: the tendency to confuse…
Companies are increasingly investing in cybersecurity tools such as firewalls, antivirus solutions, EDR, SIEM and monitoring platforms, among other solutions, all of which are essential components of any digital ecosystem. However, it is important to keep in mind that technology,…
Although often associated, Pentesting and Red Teaming are distinct methodologies, with different objectives, scopes, and outcomes. The correct application of each can determine whether an organization merely identifies technical vulnerabilities or actually validates its ability to withstand real and persistent…
Generative AI is rapidly becoming part of companies’ daily operations. While some organizations are naturally more cautious than others, almost all end up using it for reasons of productivity and task simplification. The problem is that, in many cases, this…
In the context of cybersecurity, a recurring question about Pentesting is: “Why execute a Pentest on a recurring basis?” At first glance, it may seem only like an additional expense or an obligation resulting from regulatory requirements. However, Pentesting stands…