A carregar...
Publicação
Avaliação de implementação de cibersegurança em empresas portuguesas : análise dos principais desafios e melhores práticas
| Nome: | Descrição: | Tamanho: | Formato: | |
|---|---|---|---|---|
| 1.46 MB | Adobe PDF |
Autores
Orientador(es)
Resumo(s)
No presente contexto empresarial e tecnológico, temos vindo a verificar uma contínua digitalização das organizações. Uma consequência deste fenómeno é o aumento do número de incidentes cibernéticos. O presente Trabalho Final de Mestrado incide sobre o tema da cibersegurança no contexto empresarial português, com particular destaque para as Pequenas e Médias Empresas (PMEs), dada a sua relevância económica e maior vulnerabilidade a ataques informáticos. Este trabalho apresenta uma reflexão das dificuldades que as PMEs enfrentam na implementação de práticas eficazes de cibersegurança. Estas dificuldades estão frequentemente associadas à escassez de recursos financeiros, à ausência de pessoal qualificado e à fraca cultura de segurança digital das organizações. Para levar a cabo esta investigação foram seleccionadas duas questões de investigação: (1) Quais são as medidas de cibersegurança mais adotadas pelas empresas portuguesas? e (2) Quais são as ameaças de cibersegurança mais comuns nestas organizações? Considerando estas questões, este estudo tem como objectivos identificar as práticas de cibersegurança atualmente em vigor, compreender os principais riscos enfrentados pelas organizações e analisar o grau de maturidade cibernética das empresas portuguesas, assim como o envolvimento dos seus quadros superiores na gestão da segurança digital. O presente projecto utiliza um método qualitativo, baseado na realização de entrevistas a sete profissionais de variados setores de atividade. A análise temática dos dados foi feita com o apoio do software MaxQDA. Posteriormente, o resultado obtido nas entrevistas foi cruzado com a informação apresentada na Revisão de Literatura. Alguns do resultados esperados nesta investigação incluem a identificação de práticas comuns de cibersegurança, como a utilização de firewalls, antivírus e políticas de backup, bem como a elevada frequência de tentativas de ataques de phishing. A análise revelou ainda disparidades significativas entre as empresas no que toca à maturidade cibernética, ao conhecimento dos colaboradores e ao envolvimento dos gestores de topo. Verificou-se também um conhecimento limitado sobre as diretivas legais aplicadas, e a ausência ou precariedade de formação estruturada em cibersegurança. Por último, a investigação aponta para a necessidade de sensibilização e capacitação contínua das organizações, reforço da liderança na área da segurança digital, e adoção de normativas adaptadas à realidade das PMEs. A longo prazo, estas ações poderão contribuir para o fortalecimento da resiliência cibernética do tecido empresarial português.
In the current business and technological landscape, we have been witnessing a continuous digital transformation of organizations. One consequence of this phenomenon is the increase in the number of cyber incidents. This Master's dissertation focuses on the subject of cybersecurity in the Portuguese business context, with particular emphasis on Small and Medium-sized Enterprises (SMEs), given their significant economic impact and increased vulnerability to cyberattacks. This paper examines the challenges faced by SMEs in implementing effective cybersecurity measures. These difficulties are often associated with a lack of financial resources, the absence of qualified personnel, and the organization's weak digital security culture. To carry out this research, two research questions were selected: (1) What are the cybersecurity measures most adopted by Portuguese companies? and (2) What are the most common cybersecurity threats in these organizations? Considering these questions, this study aims to identify the cybersecurity practices currently in place, understand the main risks faced by organizations, and analyze the degree of cyber maturity of Portuguese companies, as well as the involvement of their senior management in digital security management. This project employs a qualitative method based on interviews with seven professionals from diverse sectors. The data analysis was conducted using MaxQDA software. The results obtained in the interviews were then cross-referenced with the information presented in the Literature Review. Some of the expected results include the identification of standard cybersecurity practices, such as the use of firewalls, antivirus, and backup policies, as well as the high frequency of attempted phishing attacks. The analysis also revealed significant disparities between companies in terms of cyber maturity, employee knowledge, and the involvement of senior managers. There was also limited knowledge of the legal directives applied, as well as the absence of structured cybersecurity training. Ultimately, the research underscores the importance of raising awareness and continually training organizations, enhancing leadership in digital security, and implementing regulations tailored to the specific realities of SMEs. In the long term, these actions could boost the cyber resilience of the Portuguese business community.
In the current business and technological landscape, we have been witnessing a continuous digital transformation of organizations. One consequence of this phenomenon is the increase in the number of cyber incidents. This Master's dissertation focuses on the subject of cybersecurity in the Portuguese business context, with particular emphasis on Small and Medium-sized Enterprises (SMEs), given their significant economic impact and increased vulnerability to cyberattacks. This paper examines the challenges faced by SMEs in implementing effective cybersecurity measures. These difficulties are often associated with a lack of financial resources, the absence of qualified personnel, and the organization's weak digital security culture. To carry out this research, two research questions were selected: (1) What are the cybersecurity measures most adopted by Portuguese companies? and (2) What are the most common cybersecurity threats in these organizations? Considering these questions, this study aims to identify the cybersecurity practices currently in place, understand the main risks faced by organizations, and analyze the degree of cyber maturity of Portuguese companies, as well as the involvement of their senior management in digital security management. This project employs a qualitative method based on interviews with seven professionals from diverse sectors. The data analysis was conducted using MaxQDA software. The results obtained in the interviews were then cross-referenced with the information presented in the Literature Review. Some of the expected results include the identification of standard cybersecurity practices, such as the use of firewalls, antivirus, and backup policies, as well as the high frequency of attempted phishing attacks. The analysis also revealed significant disparities between companies in terms of cyber maturity, employee knowledge, and the involvement of senior managers. There was also limited knowledge of the legal directives applied, as well as the absence of structured cybersecurity training. Ultimately, the research underscores the importance of raising awareness and continually training organizations, enhancing leadership in digital security, and implementing regulations tailored to the specific realities of SMEs. In the long term, these actions could boost the cyber resilience of the Portuguese business community.
Descrição
Trabalho Final de Mestrado, Ciências Empresariais, ISEG, 2025.
Palavras-chave
Cybersecurity SMEs Portuguese Companies Cybersecurity Maturity Cyberattacks Staff Training Cibersegurança PMEs Empresas Portuguesas Maturidade Cibernética Ataques Cibernéticos Formação de Colaboradores