Cybersecurity, the risks for Italy amplified by the conflict in Ukraine

In three reports outlined the cybersecurity scenario. Exprivia notes a spike in war-related damage in March. For Trend Micro, vulnerabilities increase despite the fact that we are among the most virtuous in Europe. And Thales points out that 50% of companies have no defense plans 06 May 2022 A. S.

The conflict in Ukraine and the ongoing international crisis could contribute to adding fuel to the flames of the cybersecurity scenario in Italy and on a global scale. Our country, despite being at the top of the group of the most virtuous ones in Europe in the field of cybersecurity, is still particularly exposed to the offensives of hackers, while 29% of the companies that suffer an attack did not have any defense plans in place. These are the most important findings emerging from three recent cybersecurity research published recently by Exprivia, Trend Micro and Thales. Index of topics • Exprivia: 2022 will be characterized by the growth of threats • Trend Micro: Italy at risk, but virtuous in Europe • Thales: one out of two companies attacked has no defense plans Exprivia: 2022 will be characterized by the growth of threats According to the company's cybersecurity observatory, the first quarter of 2022 was for Italy - from the point of view of cyber threats - the worst in the last two years: between January and March, 806 cases of attacks were recorded in our country, accidents and violations of privacy, with an increase of 78% compared to the last quarter of 2021: 213 events in January, 207 in February and 386 in March, "the month of greatest impact - explains Exprivia - in which criminals have exploited the situation of international instability linked above all to the war between Russia and Ukraine. In addition to online banking and virtual purchases, which maintain the primacy, the Russian-Ukrainian war emerges among the pretexts to hit the victims, with frequent deceptions that hide behind fake news on the conflict or false humanitarian aid campaigns. Specifically in the quarter they occurred

408 attacks, 379 security incidents - that is, successful attacks - and 19 privacy violations, which resulted in damage mainly related to the theft of data and money. "In the past two years, events with a high political and economic impact and related social tensions have allowed criminals to exploit occasions such as Covid or, recently, the conflict between Russia and Ukraine to deceive victims, in most cases to for profit - comments Domenico Raguseo, Cybersecurity director of Exprivia. In the boundless digital ecosystem in which we live, it is not easy to attribute the causes and geographical origins of cybercrime; if an attack is developed for a designated victim, it could affect others as well, and if a malware is used for a specific purpose, it could soon become the property of other criminals who will use it for different purposes. So, at the moment we are experiencing firsthand the first damage caused by the war conflict also online, and in the coming months the consequences could be even more severe ". "The reporting of cybercrime on the sources analyzed in our Report is growing, also as a result of the increased criticality of the digital services on which we depend. The greater the impact and duration of an accident or simply of an attack, the less likely it is that it will go unnoticed - Raguseo observes - Even in the mass media, the visibility and relevance of cybercrime are now increasing hand in hand with the new vulnerabilities exploited by criminals ". Trend Micro: Italy at risk, but virtuous in Europe According to data from Trend Micro's “Cyber risk index” in collaboration with the Ponemon Institute in the second half of 2021, Italian companies are considered to be at “high risk” of suffering an attack or a violation and have low capacity to react. The study investigated the levels of risk related to cybersecurity in companies around the world and mapped the current scenario through the creation of the Cyber Risk Index (CRI), an indicator that calculating the gap between the company's cyber defenses, i.e. security and the possibility of undergoing an attack, is able to predict the risk of suffering serious cyber damage in a given area . The Cyber Risk Index is based on a numerical scale ranging from "-10" to "10" with the value "-10" representing the highest risk. The risk scale consists of “low risk”, (green) “moderate risk” (yellow), “high risk” (orange) and “high risk” (red). The current global Cyber Risk Index is “-0.04” which is high risk. The area with the greatest risk is that of South America, with a Cyber Risk Index of "-0.20". Followed by Europe with "-0.15", the United States with "-0.01", while the most virtuous region is the Asian one with an index of "0.20" and the only one with a moderate risk. Companies located in a "high risk" area are characterized by the high possibility of suffering data compromise, poor visibility of threats within networks and the lack of an incident management and reaction procedure . Italy has a risk index of "-0.01" and is better positioned than other European countries such as Spain (-0.08), Germany (-0.08), UK (-0.11) and France (-0.27). Globally, the study shows that in the last year 84% of companies have suffered at least one cyber attack and 76% of companies fear they will suffer one in the next 12 months. The most feared threats are ransomware, phishing / social engineering attacks and denial of service (DoS), in addition to the negative consequences of a breach such as stolen or damaged data or property, the costs associated with production shutdown and for the resolution of the critical issues. "Implementing an effective cybersecurity strategy also includes risk management. With this in mind, studies such as our Cyber Risk Index can represent an excellent resource for identifying any points of greatest concern - underlines Lisa Dolcini, Head of Marketing at Trend Micro Italia - Threats to remote work and digital infrastructures persist and companies should adopt a platform-based approach that optimizes security and minimizes risks at the same time ". Thales: one out of two companies attacked has no defense plans According to Thales' Data Threat Report 2022, which surveyed 17 countries interviewing over 2,700 IT managers, 29% of companies globally have experienced a data breach in the past year and, despite huge investments in the industry, only 48% of them have a formal plan to counter it. In addition, 21% of respondents experienced a ransomware attack and 20% of them paid or would pay a ransom to get their data back. In the face of such an alarming situation, according to the research by Thales, which will participate in Cybertech Europe in Rome on 10 and 11 May, 41% of the companies in any case affirm that they have no plans to invest additional financial resources for safety. The report also highlights how the increased risk is linked to the growing adoption of the cloud. In fact, 32% of respondents say they store at least half of their data in the cloud, however the use of encryption is very low as half of the respondents reveal that they have encrypted only 40% of their sensitive data.