AGI – According to the latest Clusit 2021 report, Italian companies, including SMEs, are experiencing a real ‘cyberpandemic’. There is talk of a 78% increase in the number of cyber attacks in the last four years and of +15% for 2020 alone, which means a serious cyber attack every 5 hours.
As a side effect, the coronavirus emergency has brought billions and billions of pieces of sensitive data onto home computers, making the borders to be “defended” wider and more vulnerable. And it was the pandemic that increased the attention of companies towards Cyber Protection. A recent Alvarez & Marsal report, aimed at estimating the changes induced by covid on sales in Europe, finds that 80% of companies will consider investing in cybersecurity strategic in the coming years.
Cybersecurity, therefore, as a corporate asset, but also as a pawn that fits into the framework of the debate on technological independence. Where does Italy stand on this path? We talked about it with Nicola Mugnato, cybersecurity expert and founder, together with Gian Roberto Sfoglietta and Andrea Storico, of Gyala. Gyala is a Roman startup, born in 2017, with a particularity that makes it unique in a sector dominated by big American players: it produces Cyber Protection software completely Made in Italy.
What does it mean to create 100% Italian cybersecurity products?
Essentially two things: first to bring the very strong competence and brilliant genius that distinguishes Italian research and entrepreneurship in a sector dominated by foreign superpowers and, second, to create national solutions that allow us to get out of the foreign technological game.
Does Cyber Protection Made in Italy contribute to forming the Italian digital supply chain that is so much talked about? To what extent?
It is very simple: we cannot think of giving up the use of foreign hardware and software because this represents practically all of the information systems and automation systems of all sectors in our country. For this, we must at least have the ability to control what happens in them by using tools that remain under our control. The Italian digital supply chain is this: the possibility, if not to create entire completely Italian systems, at least to have tools that protect us from the dominant position of suppliers of foreign IT technologies and services.
From a geopolitical point of view, is Italy more or less vulnerable in terms of cybersecurity than other countries? Why?
I believe that Italy is in line with other European countries. A strong process of securing all essential national infrastructures has been launched through the adoption of the NIS 1148 Directive of 2016. This was a very important historical step for our country, which has begun to protect its citizens even in virtual space, the so-called “fifth element”.
Is there anything in the Cyber Protection sector that distinguishes us from other sectors?
Compared to other sectors, cybersecurity has a much greater dynamism in the products and services it creates and, at this moment in particular, an enormous growth prospect.
Where are we with the Cyber Protection culture in Italy?
As always, the spectrum is very broad: there are public administrations and companies that already have a good level of protection; others who have at least understood the threats to be faced and have begun a process of strengthening the security of infrastructures and training personnel; finally, many who, unfortunately, still think they are immune to these risks. More “awareness” must certainly be created to allow everyone to consciously evaluate how to defend themselves.
What are the main cybersecurity risks to which a company is subjected?
There are essentially two types of business risks: random and targeted attacks. Random attacks are those we are all exposed to when we use the Internet to receive emails or to visit Internet sites because, through these services, we can access compromised or fake sites, designed to get hold of our usernames and passwords. Or it may happen that these sites make us download malware or ransomware to encrypt our data and demand a ransom. This type of attack is launched by hackers without a specific target, but only with the knowledge that “someone will fall for it”. There are also attacks designed and built to target a specific organization or company. In this case, the hackers are much more advanced and have a well-defined goal, which could be to cause only damage to the company’s image or to propagate a certain idea, as in the case of Hacktivism, or to steal a company’s technological research; in this case we speak of industrial espionage. Furthermore, an attack can be carried out to cause direct damage to citizens by interrupting or altering an essential service such as the supply of energy or the chlorination of water; in this case we speak of terrorism. All of us and small and medium-sized businesses are primarily exposed to random attacks, while large corporations, government and national critical infrastructures face both of these types.
Do you bring a product of “military extraction” to companies? Is it customary in your field or is it a plus?
For us it is a custom because for more than twenty years we have been collaborating with institutions and the military world to provide technologies and research on cutting-edge topics. In general, however, this constitutes a uniqueness, because few companies can boast technologies developed in complex and advanced contexts such as military ones. Collaborating with institutions is, for us, an opportunity because it allows us to interact with professionals of the highest value who, in addition to great skills, have a strategic vision of the needs that the military sector and, consequently, also all the senior civil sectors will have to fill in the medium and long term.
How has the cybersecurity vulnerability of companies changed due to the pandemic?
The hasty adoption of smart working forced companies to activate interconnection services with thousands of employees in a very short time and, unfortunately, most were not prepared to do so. In this way, interconnections were made between the private computers of employees and the corporate network, without taking into account that the level of protection that a private individual adopts for their computer is generally infinitely lower than corporate protection. In this way the corporate defense perimeter has been enormously extended with much more vulnerable infrastructures and, reminding us that the security of an infrastructure is given by the security level of the weakest link, they have undoubtedly weakened the company.
Can we really say that cybersecurity represents a strategic asset for our companies today?
We can certainly say that from today there is a “little more awareness” that Cyber Security is a strategic asset. Although large companies have already understood this for some time and are already working on strengthening their defenses, SMEs, which constitute the greatest strength of our country, are only now beginning to understand this and, sometimes, they still believe that “it will not touch them”.