According to data from the 2017 Clusit Report presented at the Cyber Security 360 Summit, there were 571 global public-sector attacks from January to June 2017, with a significant impact on victims in terms of economic damage, reputation and dissemination of sensitive data. It was the worst semester of all time, with constant growth from 2011 to today.
This is what emerged from the Cyber Security 360 Summit, the event organized today in Rome by the Digital360 Group, which brought together representatives of institutions, businesses and universities to discuss the state of cyber security in Italy.
No company or organization can feel safe: over 50% of them worldwide have suffered at least one serious attack over the last year. Most of the attacks (36%) were launched with malware, +86% compared to the second half of 2016, and phishing and social engineering attacks also increased (+85%).
However, companies in Italy still invest too little in IT security, just under 1 billion euros, or 1.5% of overall ICT spending, as little as 0.05% of GDP.
“If 2016 was the ‘annus horribilis’ [one of the worst years ever] for cyber security, in 2017 the situation has become even worse: today in Italy, as in the world, any organization is actually at risk of a significant cyber-attack – warns Gabriele Faggioli, CEO of P4I-Partners4Innovation, advisory and coaching company of Digital360 Group, and President of Clusit, the Italian Association for Information Security –. What is worrying is the growth of threats to smartphones, an object now owned by everyone, often without adequate protection systems, and in general the growing exposure of users to social, cloud or Internet of Things, without the necessary security measures, while the aggressiveness of attackers is growing and increasingly sophisticated attack instruments are spreading on the black market”.
Faced with growing threats, Italy has finally adopted a strategy for national cyber security, which must be supported by adequate economic resources to be actually effective.
“The new national plan for cyber security and IT security, adopted by Italy according to the guidelines identified by the National Strategic Framework, has an ambitious goal: to stimulate further development of cyber architecture in Italy. A positive event: cyber protection and national IT security must be a process which will include all the players involved in the cyber issue”, Faggioli added.
“But now words must follow the facts and above all the investments. It is important to see what resources will be put in place in order to transform plans and guidelines into real interventions at all levels. Faced with a sure increase in attacks, we must aim to achieve a reduction in the number of successful ones and the damage caused in the coming years”.
In Italy, although the number of serious attacks in the public domain is low compared to the total, some high-profile cases have emerged in the last year: the alleged spying attributed to the Occhionero brothers, the attack on the unofficial systems of the Ministry of Foreign Affairs, the attack on a system of the Department for Public Administration, and the phishing attack by the Andromeda botnet against more than 200 thousand victims in July. But investments in ICT security (about 1 billion euros in 2016, according to the Information Security & Privacy Observatory of Politecnico di Milano) appear insufficient when compared to the total value of the ICT goods and services market, amounting to 66 billion euros, and to total GDP.
“In the current framework it is important for all the players to be adequately aware of the issue of IT security – the CEO of P4I-Partners4Innovation concludes –. Companies must play their role, with adequate investments: an expense for Information Security of only 1.5% of the total ICT expenditure, about 0.05% of GDP, is really too little. It is important, however, that an adequate safety culture is spread among people, because sometimes simple measures are enough to prevent attacks”.