Cybersecurity: The Italian Paradise for Hackers
The growing spread of cloud computing, social media, wireless connectivity, e-commerce and big data is having an ever more severe impact on the security of information systems. In Italy, much like in the rest of the world, cyber-attacks constitute a present issue in the increasingly open and mobile market.
The aim of this article is to analyse and identify the critical matters that emerge from the Italian Cybersecurity National Framework and to address the gaps that need to be filled.
Italy is the fourth-largest market for both ICT and telecommunications equipment and services in the European Union. Recently it has been one of Europe’s top targets of cyber-attacks, and it remains a paradise for hackers. Cases have risen in number and severity. The Italian trade association CLUSIT estimates that total damage caused by cybercrime in Italy in 2015 was close to $10 billion. In 2016 alone, cybercrime increased by 30%, digital attacks by 16% and espionage activities by 39%, while attacks on critical infrastructures grew by 154%.
Cyber-attacks are becoming extremely profitable for cyber criminals eager to earn high profit margins while keeping expenses very low.
Even though Italian companies seem to be gradually paying more attention to the matter, true awareness of the risks is still missing. Security measures appear quite inadequate to face the present threats, and a reallocation of resources for security tools should undoubtedly be the next step on the agenda.
Currently, Italian key issues involve:
High-capacity DDoS (Distributed Denial of Service) attacks. They are a type of Denial of Service (DoS) attack using multiple compromised systems, where the data transmission speed is never under 1 Gigabit per second and which hence may rapidly overwhelm the transmission channel of the selected target.
The renewed spread of “simple” attacks and “SQL injection” attacks, generally used by hackers to steal data from organizations, which reveals a mediocre level of information security.
A severe and drastic increase in Advanced Persistent Threats, which are an enhanced type of malware.
The advent of “phone fraud” in VoIP (Voice over IP) systems.
The increase in automated attacks distributed from the C2 (Command and Control) console.
In the most recent months, company networks have been targeted by some 2300 diverse active malware versions, but one must not forget that the most significant threats also affect the activities of ordinary Italian citizens, such as smartphones and networking sites.
Vulnerability is self-evident and the need for compliance with national and international legislation is crystal clear. Cybersecurity is a priority not only for large enterprises or governmental agencies, but also for small- and medium-sized Italian companies. Companies must be educated to guard information assets through cyber security measures and to invest in data protection as a crucial factor in securing important competitive advantages. Once businesses accept that cyber-attack is an actual threat, they can move to the next step: implementing a Cyber Resilience Program (CRP). A CRP encompasses the ideas of defence and prevention, but goes beyond them.
A CRP involves the following measures:
Define business risks. Instead of focusing on the compliance checklist, turn attention to the company itself. What consequences can you live with? What would put you under?
Develop a security policy. Cyber resilience includes cyber security of course, but attention is directed towards the threats that directly affect your key assets and the mechanisms to control them.
Delineate a cyber recovery plan. A specific, well-tailored, comprehensive and rigorous plan.
Determine a testing regime. The CRP shall be checked on a regular basis to ensure that you can count on it or conversely adapt it to your needs.
Businesses need to accept this paradigm shift from cyber security to cyber resilience in order to create strategic advantages out of it.
Meanwhile, Italian banks, following the path of prevention, have set up a cybersecurity response team, “CERTFin”, in order to collect statistics, information and reports and to analyse the phenomena linked to cybersecurity. CERTFin is a highly specialised Computer Emergency Response Team (CERT) for Italy’s financial sector, created as a major safeguard to prevent and combat cyber threats linked to the development of new technologies and to the digital economy.
Its potential is enormous since it enables banks and financial operators in Italy to exchange information and gives them several new tools to further strengthen their security safeguards. From January 2017, CERTFin will be gradually operating in the market, enabling Italy to reach the international standards required in the fight against cyber-crime within two years. The collaborative effort and the exchange of information will surely benefit the country as a whole.
As the economic and technological systems of Western countries are highly dependent on cyberspace, they require more and more accurate risk analysis and management of related threats. KMLegal will offer you our experienced English-speaking advisors who can take care of your company. Cybersecurity lawyers will support you through the whole process of analysis and prevention:
Performing due diligence in order to investigate the financial position of the company;
Identifying the adequate security measures to implement;
Structuring the best safeguards;
Tailoring the control system to reduce risks.
ABOUT THE AUTHOR: Riccardo Virga
Avv. Riccardo Virga is an expert in Private Client and Real Estate, with a particular focus on cross-border complex real estate transactions involving the sale and purchase of properties in Italy and Spain. Avv. Riccardo Virga graduated in Law at the University of Ferrara and was Visiting Foreign Student at the University of Berlin. He has a Masters in Tax Law.
Copyright KM Legal Net
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer. For specific technical or legal advice on the information provided and related topics, please contact the author.