Skip to content
Attività

Cybersecurity: dangers and opportunities for businesses

    • Cernusco sul Naviglio (MI)
    • 16 April 2018

          Investments, culture, sharing: three elements that pundits and professionals consider indispensable to making System Italy resistant to cyber threats.

          Despite last year’s timely updating of the national cybersecurity plan, Italy still faces many problems in this area. Firstly, the resources invested appear largely insufficient, especially when compared with those being earmarked by allies and competitors. This heavily compromises the possibility of implementing the technologies needed to effectively combat the pervasive, transversal, hybrid risk cited by the World Economic Forum as among the five primary global threats. Cyber attacks are having a dire impact on both civilian and military life, and their provenance is almost never clear.

          Such a situation calls for the development of appropriate instruments and procedures capable of providing advanced technologies that can defend national security without infringing on competition and free market rules.

          To proceed concretely in this direction, two things are necessary in particular. On the one hand, researchers and companies need to implement what is known as “security by design”, i.e. work consciously from the beginning (the design phase) to create tools that ensure high security standards. On the other hand, a national evaluation and certification center (CVCN) should be set up to test the hardware and software destined for use by critical infrastructures or operators associated with the national interest. Italy is already working in this direction, in fact, and its strategy includes a national cybersecurity research center linked with the establishment of an equally important hub that will focus on cryptographic instruments and codes at the service of institutions.

          Also crucial is the role of police and intelligence forces. These are invested with the responsibility to establish increasingly effective private sector partnerships (PPP) aimed at sharing data and exchanging best practices.

          Investments, research, institutional innovation and operational strategies can bear useful fruit only in an adequate cultural framework that embraces every branch of society – especially businesses.

          In this regard, it must be noted that Italian banks and the finance sector have proved better able to foresee the growing wave of cyber attacks and to meet the challenge. Difficulty continues to plague small and middle-sized enterprises, however, as they are more limited economically and culturally, though in many cases they possess extremely important know-how. Furthermore, it is precisely those SMEs that often offer a point of entry for criminals and businesspeople alike, as they hope to operate on a larger scale.

          It was pointed out that these attacks are on the rise and that they are becoming increasingly sophisticated, thanks not least to the use of artificial intelligence. While AI can also be employed in defending against attacks, to date, in many areas (that of evolved phishing for example), response capability is still linked with the availability of human resources. It thus remains essential to invest in the training of personnel. Furthermore, younger generations are not immune – thinking that being “born digital” inevitably means being naturally aware of the risks posed by new technologies and being capable of countering them would be a mistake – so training is key for youth as well.

          Finally, participants noted with pleasure and interest that some important new regulations are set to go into effect in coming weeks for EU countries: the NIS and PSD2 Directives (the former outlines measures for the Union’s higher common web and data systems security level, and the latter concerns payment services) and the GDPR (new General Data Protection Regulation).

            Related content