How many digital attacks are carried out every day on the net? It’s hard to give a precise answer, mainly because, as with any traditional thief, the hits that make the news are often the ones that could not be stopped or hidden, in a war that shows no respite. In the last six months of 2018, according to data released during the CyberSecurity 360 Summit, the annual Digital360 event held last November in Rome (a meeting between companies, institutions and politicians), there were 730 “serious” attacks in our country, an increase of more than 30%.
On one side are individuals or groups (sometimes unofficially covered by some national body) that are becoming ever more cunning and innovative. On the other are companies or individuals who have not yet adjusted their virtual defenses. To do so, according to the Cyber Security and Privacy Observatory of the Politecnico di Milano, Italian companies spent 1.19 billion euros in 2018 (+9% compared to 2017, when the increase was 12%). Large companies, which account for 75% of the capital invested in this sector, are the ones driving the investments. In most cases that share is still being spent on adapting their systems to the GDPR, the European regulation for the defense of digital privacy that became active in May 2018. In terms of investment, SMEs are lagging behind: only 18% have reached a mature level of cyber security.
At the center of these investments, including long-term investments (as in 52% of companies), is the prevention of and defense against certain very precise attacks, such as scams (by means of phishing and compromised business emails), extortion, intrusion espionage and service interruptions that target personal accounts, eCommerce portals and websites. Not to mention mobile devices, which, according to 57% of respondents, are the next weak link of the digital system. Because at the end of the day, the greatest threat is always the same: distraction (compounded, in 41% of cases, by obsolete or heterogeneous systems). This is why 80% of companies have enrolled their employees in digital training courses. These are numbers the IT security sector welcomes: “The market is dynamic, with growing awareness and budget,” said Gabriele Faggioli, scientific director of the Observatory. “However, greater pervasiveness of security initiatives is required at all managerial and organizational levels of companies and greater involvement of profiles dedicated to privacy.”
Not surprisingly, the cyber security expert is often a solitary position. According to research published by Trend Micro, of 1,125 people interviewed, 34% admit that their satisfaction in the workplace is not adequate. So what’s the main reason? For 59% of security managers, the challenge is not to identify and eliminate threats, but to be able to be heard internally; a percentage that reaches 69% if we consider only the Italian sample.
And yet, there is no lack of demand for professionals in the sector. 41% of companies expect an increase in staff dedicated to security management, and 21% will also do so on the privacy front (with 59% of companies still having to complete the transition to the GDPR). The Data Protection Officer (DPO), therefore, was formalized in 65% of the companies in the last year. The DPO is responsible for informing the person in charge, the data controller and all employees about the obligations of the GDPR and for creating, if needed, a document that evaluates the risk to which the integrity of the data is subject (DPIA), indicating the technological and organizational measures necessary to mitigate it. Next, companies are looking for a CISO (Chief Information Security Officer) who, through the implementation of a corporate strategy, averts the possibility of a data breach. Both are managerial figures who are often appointed internally. The situation is different for the more operational roles, such as the Security Administrator, who deals with making the technological solutions in the field of security operational, or the Cyber Risk Manager, who identifies risk scenarios and cyber threats. The figure of the Ethical Hacker is more “romantic”: the job is to simulate security incidents to test the defense systems of companies, highlight their weak points and then remedy them.