Considerations on the Clusit Report – First Half 2022
CLUSIT – Italian Association for Information Security – represents over 500 organizations belonging to all sectors of the national system.
Yesterday morning, during the plenary session of the Security Summit 2022, the Clusit Report for the First Semester of 2022 was made public.
Here are some personal considerations of Sandro Sana, Cyber Security Division Manager of the Eurosystem Group, on the event.
“The introduction by the president of ACN was very interesting. The National Agency underlined the importance of extending awareness of cybersecurity and highlighted how essential it is, for every citizen or professional, to learn to be attentive and aware of the risks incurred in the Cyber world: IT security passes through each of us”.
This consideration is certainly not far from what the Eurosystem Group has been pursuing for years.
The president also underlined how the nation and companies are increasingly looking for people with the right skills to enter the cyber world.
Back to the numbers. Due to the Russia-Ukraine conflict, attacks have sharply increased, especially in Europe. These are attacks such as Hacktivism, which has increased exponentially, Espionage-Sabotage, and information warfare attacks.
Furthermore, multiple target attacks are back in vogue, in which cybercriminals generally attack all companies, especially in the healthcare sector and government and military infrastructure.
Malware is still at the root of these attacks, although attacks such as DDoS and Phishing are making a comeback. In fact, today, the techniques are multiple, demonstrating increasingly complex and engineered information attacks.
High-impact (high + critical) cyber threats have almost reached 80%, compromising the production chain of many companies. This percentage makes it clear how important it is to dedicate our efforts to creating safer and more secure systems and the need for companies to devote part of their budget to introducing these solutions with which to limit the risk of attacks.
Especially in the IoT and OT world, attack methods such as DDoS seem to be back in fashion, in part because this world is the least protected and controlled, although it is the one with the greatest economic impact on the company.
The weaknesses of companies have remained the same for the past 30 years: “Passwords – Vulnerability – Phishing”. It is important to talk about protection from ZeroDay attacks and ZeroTrust infrastructures, but it is equally important to start working on security starting from the ABC.
Among the topics covered during the plenary session, one of the most interesting was CyberCrime as a Service.
The ecosystem that supports criminal activities in the cyber world is an ecosystem that offers services to which no one pays particular attention. Suffice it to say that, to date, there are platforms that promise to steal data and information from other organizations (the SCAMMERS).
Cybercrime today is a huge business that covers different areas and figures (programmers, computer engineers, criminals) who deal with various aspects: tools, money laundering, extortion activities, etc. Hackers are NOT kids with black sweatshirts and hoods but actual companies with a precise supply chain and pre- and post-sales services.
In conclusion, as expected, the Russia-Ukraine conflict has given rise to an increase in attacks, starting from the end of last year and even more during the first six months of 2023. 80% of these attacks proved to be critical and made evident the need to be prepared to defend ourselves. Our companies still have a lot to do, but this doesn’t just concern the technological field. As Prof. Baldoni, president of ACN, says, cyber security is not just a technological aspect but increasingly covers transversal aspects: the human being, procedures, and technologies. The budgets reserved for cyber security have increased, but cyber attacks have also increased. What does it mean? So far the investments have not been good, and there is still a long way to go.
Sandro Sana, Cyber Security Division Manager, Eurosystem Group