Lisbon, Oct. 1, 2025 (Lusa) - The manager of Portuguese telecoms operator, NOS, João Ricardo Moreira told Lusa on Wednesday that artificial intelligence (AI) is widely used for cyberattacks, but can also be adopted to mitigate them, and he advocated for increased cybersecurity maturity.
"Artificial intelligence is being widely used by threat actors to make attack vectors such as phishing or the exploitation of zero-day vulnerabilities (a previously unknown software flaw that has no security patch or fix available, meaning attackers can exploit it before developers have had "zero days" to respond) more effective," he said on the day of the Digital Operational Resilience Summit (DORS) organised by NOS in Oeiras, in the Lisbon district, which addresses cybersecurity issues.
"The adoption of AI itself also brings new risks that must be addressed," he continued, noting that "there are new defence approaches that use AI to mitigate these risks."
These will be some of the topics covered at the conference, which focuses on digital operational resilience and will showcase recent innovations following the transposition of NIS2 (cybersecurity law) approved by parliament in September.
Following this approval, an electronic platform will be launched where the entities covered must register within 60 days. They will then have two years to define measures to adapt to the requirements of the law.
"NOS views the emergence of these regulations [both NIS2 and DORA [Digital Operational Resilience Act]] positively, as they will certainly increase the organisation's resilience, either directly or indirectly through their effect on the supply chain," said the manager.
When it comes to regulations, "there is also regulatory risk, which can translate into operational, strategic or financial impact, which is also being addressed," added João Ricardo Moreira.
Organisations "must understand that this is a unique opportunity to raise their cybersecurity maturity, either because management is already concerned that cyber risks are the most critical risks to address, through regulation or specific obligations for management bodies," said the manager.
In the case of cyberattacks, the question is never if, but when a company or entity will be targeted.
What is certain is that "technologies play a very important role, but cyber resilience is also achieved through the degree of preparedness of organisations to continue operating in the event of a cyberattack," he argued.
ALU/AYLS // AYLS
Lusa
