Which are the main threats to cyber security?
The current IT environment is very sensitive, especially for Italy, which unfortunately accounts for 7.6% of global cyber-attacks (which in turn are growing by almost 80% in numbers each year). This is a very high figure, and it is constantly growing. The success of cyber-attacks is most often caused by unintentionally clicking phishing emails or attachments carrying malicious content. In order to prevent this from happening to our enterprise, raising awareness of Cybersecurity issues throughout the Group will be of paramount importance, as well as employing all the technological measures necessary to protect us from outside threats.
In the current climate of crisis, to what extent is our company secure?
The concept of cybersecurity is difficult to measure because, unfortunately, everyone is NEVER completely safe. Even associations or companies that invest millions in security cannot claim to be risk-free. The area we work in is risk reduction or restricting the surface of attacks. What we can and should do is increase the degree of complexity required for hackers to penetrate our systems, which results in greater investment requirements (proportional to the degree of security we have implemented) on the part of the attacker. These greater investments make the attack methods and policies used by hackers uneconomic, and they are thereby discouraged from pursuing additional attacks. We have set a goal of achieving a satisfactory level of complexity as early as the end of this year.
What are the company’s future plans to improve cybersecurity and how are you currently working to implement them?
To increase the level of corporate security, we are working across several fronts: procedural, technological and in terms of Governance (such as the creation of specific policies and procedures to regulate IT management). As you can imagine, the degree of complexity is very high because the IT perimeter of a company is very extensive, and every single element proves to be exploitable in attempting to compromise IT systems. On a corporate level, we are in the process of structuring our organization to have more intensive, timely and proactive monitoring of cyber anomalies with the assistance of Cybersecurity experts who will be constantly monitoring our infrastructure. In addition, specific courses dedicated to cyber security will soon be activated to train employees on how to identify and manage potential threats.