Managing computer security essentially means guaranteeing the protection of information assets and, as a consequence, the security of the company’s digital data
by Valerio Alessandroni
The growth rate of digital threats in Europe is disquieting. In 2016 over 4,000 ransomware attacks a day were recorded, carried out by means of malware that limits access to the infected device and demands a ransom to remove the limitation. 80% of European companies experienced at least one cybersecurity incident during the past year. Security incidents in all segments increased by 38%. In some member States cybercrime accounts for 50% of all crimes committed.
How to use software platforms as protection
Let us start with a simple comparison. When we travel by car, we are highly focused on the quality of the tarmac or on the services we can find along the road, but we might not notice that a lorry is driving against the flow of traffic or that a car nearby is on fire. In terms of infrastructure: it is fair enough to worry about our network’s performance and to consider the opportunities created by the cloud, but we should know the infrastructure better and understand how we send out and receive data. What should we do? Magic wands do not exist and therefore the concept of “security by product” should be set aside; it makes much more sense to talk about “security by design”.
A protective suit made to measure is the best possible solution: to create it, however, first of all measurements must be made. We almost always concentrate on what lies within the plant or office without considering that IoT completely redefined the notion of perimeter. Nowadays there are software platforms which can “sniff” the network and point out all the devices and appliances included in the infrastructure. Having laid down our plan, traffic may be monitored, defining policies and volumes of data traffic which may be turned into rules.
At this point detecting faults should be easier and, having defined the critical issues, it will be possible to carry on by defining specific solutions.
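The sequence described above (inventory the devices, turn observed destinations and traffic volumes into rules, then flag deviations) can be sketched as follows. This is an added example, not code from the article or from any product it refers to; the flow records, addresses and the headroom factor are constructed for illustration, and the baseline and live windows are assumed to be of equal length.

```python
from collections import defaultdict

# Constructed flow records: (source MAC, destination IP, destination port, bytes).
BASELINE_FLOWS = [
    ("00:11:22:aa:bb:01", "10.0.0.10", 502, 1200),
    ("00:11:22:aa:bb:01", "10.0.0.10", 502, 1500),
    ("00:11:22:aa:bb:02", "10.0.0.20", 443, 8000),
    ("00:11:22:aa:bb:02", "10.0.0.20", 443, 9000),
]
LIVE_FLOWS = [
    ("00:11:22:aa:bb:01", "10.0.0.10", 502, 1400),   # matches the policy
    ("00:11:22:aa:bb:01", "203.0.113.5", 443, 900),  # destination never seen before
    ("00:11:22:aa:bb:02", "10.0.0.20", 443, 90000),  # far above the baseline volume
    ("00:11:22:aa:bb:99", "10.0.0.10", 502, 100),    # device missing from the inventory
]

def build_rules(flows, headroom=2.0):
    """Inventory devices; record allowed peers and a byte ceiling per device."""
    seen = defaultdict(lambda: {"peers": set(), "bytes": 0})
    for src, dst, port, nbytes in flows:
        seen[src]["peers"].add((dst, port))
        seen[src]["bytes"] += nbytes
    # Ceiling = baseline window volume times an assumed headroom factor.
    return {src: {"peers": d["peers"], "max_bytes": int(d["bytes"] * headroom)}
            for src, d in seen.items()}

def check(flows, rules):
    """Return sorted (device, reason) alerts for traffic that breaks the rules."""
    alerts, volume = set(), defaultdict(int)
    for src, dst, port, nbytes in flows:
        rule = rules.get(src)
        if rule is None:
            alerts.add((src, "unknown-device"))
            continue
        if (dst, port) not in rule["peers"]:
            alerts.add((src, "new-destination"))
        volume[src] += nbytes
    for src, total in volume.items():
        if total > rules[src]["max_bytes"]:
            alerts.add((src, "volume-exceeded"))
    return sorted(alerts)

if __name__ == "__main__":
    for device, reason in check(LIVE_FLOWS, build_rules(BASELINE_FLOWS)):
        print(device, reason)
```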
What are the European initiatives: a network of competence centres
In order to equip Europe with tools suitable to tackle the constant evolution of digital threats, the European Commission suggested in 2017 a series of measures with a wide scope. Besides the already ongoing EU initiatives, the Commission recently suggested the creation of a network of competence centres and of a European centre of industrial and technological competence and of research on cybersecurity. The European competence centre will coordinate the use of funds foreseen in the EU’s next long-term forecast for the 2021-2027 period, within the framework of the European Digital and Horizon programs. The Centre will support the network and the community in the realization of research and innovation in terms of cybersecurity and will plan the joint investments of the EU, member States and industry. For instance, within the European digital program, 2 billion euros will be invested in safeguarding the digital economy, society and democracies of the EU, promoting the EU sector of cybersecurity and financing cutting-edge equipment and infrastructures in this sector. Each member State will appoint a national coordination centre at the head of the network, which will endeavour to develop new skills and broader competence on the subject. The network will help to single out and support the most significant projects in the member States.
Cybersecurity in Italy: the increase in “digital guardians”
Even though the perception of risks connected to cybercrime in our Country is still very low, during the past few years a significant growth has occurred in the number of companies providing tools and services to fend off this threat. Therefore, while the growth of cybercrime on a global level gives rise every day to greater damages to trade and public institutions, the Italian enterprise system is trying to solve the problem.
According to a report by Unioncamere-InfoCamere, between 2011 and mid-2017 Italian companies offering services in the field of information security or cybersecurity increased by 36.8%, from 505 to 691. This leap forward in the number of operators was echoed by an almost twofold increase in the number of employees, which went from 3,504 to 5,609 during the same period. In relative terms, this corresponds to a 60% increase in the five and a half years being analyzed, corresponding to an average of 16 employees per company on June 30th, 2017. Over half of the existing companies at the end of September 2017 (368) were founded after 2011. The highest concentration of “digital guardians” was recorded in the Lazio region, where on September 30th, 2017, there were 166 companies (24% of the total); Lazio also accounted for the best part of the overall growth in the period. Runner-up in both ranking lists is Lombardy (with 122 resident companies at the end of September), while Campania, Sicily and Veneto turned out to be the regions with the highest awareness as to the theme of cybersecurity and professional fight against cybercrime.
Planning the right way to tackle a breach
It is impossible to guarantee total security against cybercrime; however, it is essential for companies to define, by means of a purposely designed action plan, the ways in which to respond to a security breach.
Such a planning activity must identify the reference person or team to whom the management of the breach should be entrusted. It is also essential to adequately train employees and cooperators, defining a policy which clarifies what they may, may not or must do.
Three fundamental principles at the foundation of every strategy
Managing cybersecurity in an organization basically means guaranteeing the protection of information assets and, therefore, the security of the company’s digital data. But how can a correct and adequate data management be ensured? Strategies, activities, roles and competences may be different, but every information or cybersecurity strategy is always founded on three basic principles: confidentiality, integrity and availability of data. These principles should be sought in every security solution, also considering possible risks and flaws. Current cybersecurity and privacy themes work together since each one is functional to the other. A recent survey by the Information Security & Privacy Observatory of Milan’s Polyclinic showed that the information security solutions market in Italy reached a turnover of 972 million euro in 2016: 5% more than in 2015. Unfortunately 74% is spent by large companies, so SMEs are only left with 26%, just over 250 million.
Cybersecurity seen as a necessary investment
Although the cybersecurity theme has been more and more closely examined by local and European lawmakers, the lack of an adequate awareness with respect to digital threats is still evident.
It is therefore necessary to adopt a new approach, considering security as an investment and a necessary condition to guarantee the competitiveness of our production system. In this respect, it is also essential to promote a security culture, raising users’ awareness as to the opportunity of adopting a series of measures aimed at preventing possible hacker attacks: frequently changing the passwords of one’s accounts, not opening links or downloading files which come from suspicious and unverified sources. It could also be useful to envisage training programs to enable young persons to understand the risks which the use of these technologies implies.