How Enel moves against hackers
di Giusy Caretto
Enel suffered two ransomware attacks during 2020, but the group led by Starace did not pay ransoms
“Enel does not accept attempts at extortion and confirms that he has not paid any kind of ransom”.
So the group led by Francesco Starace, answering questions from shareholders, reveals the strategy against hackers.
Enel, in 2020, has suffered two cyber attacks, while the company has blocked and identified every day an average of 1.7 million malicious email incoming or attributable to spam, over 300 viruses and over 150 attacks.
ENEL’S CYBER SPENDING
The company spent 52.6 million euros on cyber security in 2020.
THE TWO CYBER ATTACKS
The company faced two “ransomware” attacks in 2020. And “in both cases, it promptly detected the ongoing attacks on its computer network, promptly activating all procedures previously defined to address this type of events”, explains the company by responding to a shareholder during the recent shareholders’ meeting, stating that the group “has successfully prevented the completion of destructive activities on data and systems, thus preserving the operational continuity of the service. In addition, the security measures adopted have made it possible to prevent access by hackers to the most sensitive servers and applications”.
ACCESS TO EMPLOYEE DATA
With the second attack, the hackers had access to “a limited number of personal data of some employees.
“Enel – reads the answers – immediately informed the employees concerned and all the competent authorities, providing every possible detailed information. In particular, the Data Protection Authority on 23 December 2020 determined the conclusion of the examination of the personal data breach notified and the archiving of the related files”.
ENEL DOESN’T PAY HACKERS
During the attacks, Enel immediately informed all the competent authorities and did not accept “attempts at extortion”. The company confirmed, to the shareholders, “not having paid any kind of ransom”.
NOT JUST ATTACKS
In addition to cyber attacks, the energy group has blocked “every day an average of 1.7 million malicious emails coming in or attributable to spam, over 300 viruses and over 150 attacks to corporate web portals. Also in 2020, over 700 Internet domains with illicit use of the Enel brand and over 400 fake Enel profiles in social networks were detected,” explains the company.
WHAT HAPPENED IN BRAZIL
Cyber issues also in Brazil, but not related to cyber attacks. There has been an “unauthorized disclosure of personal data of a portion of customers in the city of Osasco, in the state of São Paulo. Enel Distribuição São Paulo has taken steps to inform directly and individually the customers affected by the theft of data, to publish information on its website and to notify the event to the competent Brazilian authorities”.