How to improve cyber resilience

Speech by Fabio Momola, CEO of D. Hub, Cybertech, COO of the Engineering Group

The dramatic escalation of the crisis in Ukraine is bringing to the center of the scene an issue that in recent years has gained increasing but never definitive attention: Cybersecurity. As the recently published Clusit Report reminded us, cyber attacks around the world increased by 10% in 2021, causing six trillion dollars in damage. Despite these data, however, bombs were needed on the borders of Europe to make us truly perceive the dangers of cyber wars. In our country, which suffered 143 serious attacks between January 2018 and June 2021, investments in cyber security are starting to be significant, but the 1.55 billion spent in 2021 can only be considered a starting point, given that they still place last among the G7 countries. It must also be admitted that most companies and public administration bodies still do not follow adequate strategies, relying on emergency rather than structural logics. As Digital Transformation Company Engineering feels the responsibility, also socially, to guarantee security in this phase of strong digital transition of the country: we like to talk about "secure digitalization" and we consider IT security as a key element of Digital Transformation, knowing that achieving the “Zero risk” is impossible, but it is possible to implement prevention actions through which to reduce the risks and guarantee the companies of the country to derive the maximum benefit from digital innovation. In Cybertech, a company of the Group specialized in Cybersecurity, we believe that in order to develop an adequate level of cyber-resilience, the Country System must follow three directives: investing in technology, focusing on the training of specialized figures, decreasing human error by increasing awareness of all those who use the IT systems of a company or a Public Administration for various reasons. Several times, during these weeks, both Roberto Baldoni, Director of the National Cybersecurity Agency, and the Undersecretary of State to the Prime Minister Franco Gabrielli have stressed that Italy needs to achieve technological independence, with which to obtain national resilience in the field of cybersecurity. In fact, as Nunzia Ciardi, Deputy Director General of ACN, recalled in a recent interview with Repubblica, the problems related to the Kaspersky antivirus, which is used in thousands of PA offices and many Italian companies, are not of a technological nature, but of a geopolitical nature. Developing our Cybersecurity technologies, in a market where Russia, the United States and Israel are the masters, would therefore mean preserving our technological and economic stability from the sudden implications of history. Focusing on technological development means first of all investing in training: Italy needs IT professionals able to define robust IT architectures and manage cutting-edge technologies, with which to prevent the risks of cybersecurity rather than repair the damage caused by a successful attack. Finally, cyber-resilience depends not only on technologies and architectures but also on the behavior of resources within organizations. For this reason, continuous training must not only concern the technical figures but must involve all those who use a company's devices. In the last two years, the growing use of smart working has brought with it an increasingly mixed use of corporate devices and home networks, which have dramatically increased cyber attacks. Training people, spreading a culture of cybersecurity, therefore becomes the best way to defend our New Normal, where the integration between physical and digital is increasingly widespread. It is a good thing that Italy, well before the geopolitical tensions unleashed by the war in Ukraine, equipped itself with a structure such as the National Cybersecurity Agency, a fundamental unit that immediately set up a model of dialogue between public and private with all the players in the market, including us, who have always aimed to be a fundamental asset for the country. We are also happy to find that, among the indications of the ACN, there is an important invitation to focus precisely on the training of people, an activity that has always had a strategic value in Engineering. In fact, through our IT & Management Academy, we train young talents who enter the company and offer upskilling and reskilling paths to our professionals and all our stakeholders. Aware that focusing on human capital helps us and secure the country's innovation path.

cyber resilience