Italian SMEs invest only €240 million in cybersecurity

They’re well aware, but they still lack the desire and ability to invest structurally. The global computer attack that was recently launched through the ‘WannaCry’ ransomware has exposed many Italian businesses’ limitations and cultural unpreparedness when it comes to cybersecurity.

These shortcomings must be dealt with soon; small- and medium-sized businesses aren’t the only ones affected, as more structured organizations have also been hit. A recent investigation by the Polytechnic University of Milan’s Information Security & Privacy Observatory stresses that only 39% of large businesses have enacted a multi-year investment plan, and only one out of every two organizations has managers dedicated to these tasks.
This is a precarious situation, with potential consequences not only for their offices but for the factories too, where modern machinery has become increasingly connected and dependent on the ability to gather, transmit, and analyze data. With the Industry 4.0 plan, the Italian government has allowed for certain tax breaks for companies that invest in cybersecurity.
The information security solutions market did €972 million worth of business in Italy last year, a 5% growth in comparison with 2015. This spending has naturally been concentrated among the large companies, which comprise 74% of the Italian demand, and is subdivided into technology (28%), IT integration services and consulting (29%), software (28%), and managed service.
The Polytechnic’s analyses reveal, however, that in spite of increased awareness and in the face of new challenges created by the development of technologies like cloud computing, Big data, the Internet of things, mobile capabilities, and social networks, long-term approaches to security and privacy management are still hard to come by.
Italian companies’ projects are mainly oriented towards risk identification and protection from attacks, while post-attack data collection support and restoration provisions are still underdeveloped.
The awareness that has spread among the larger organizations isn’t equally spread among the smaller ones, where intrusions through “pirate” mail and the lack of adequate defenses are the main risk factors on a daily basis: due to these attacks, organizations with just a few million euro in turnover risk losing information and data, putting a halt to their operations for weeks and costing them an overwhelming amount of business.
The sector’s professionals have confirmed that the main cause of trouble is the lack of adequate safety procedures at these businesses: things like changing passwords, making backups periodically, updating antivirus software, and adopting firewalls.

“I know many business owners who have paid the pirates’ ransoms,” confirms Giancarlo Turati, former President of Brescia’s Industrial Association’s Small Industry division and owner of Fasternet, a company that provides a wide range of informational services. “If you haven’t made at least one backup, there’s no hope: it may seem banal, but this knowledge isn’t widespread, not even among the medium-sized companies.”

Turati confirms that, “normally the cost of the ransom is proportional to the company;” however, though it’s but a small comfort, the pirates restore everything once the ransom is paid. With sensors and automation, however, these risks are multiplied.
“The sensor supplies information to the company’s data network; you need to ensure that these aren’t compromised,” the business owner continued. “For example, in the world of metallurgy, there have already been instances of metal casters being hacked through the requested temperature parameters being altered. In less-extreme cases, information regarding production processes is at risk of theft.”

Paradoxically, the theme of competition “currently creates more worry than cyberattacks,” explains Stefano Linari, CEO of Alleantia, a company that supplies cloud solutions.

By giving up their information on the network, potential clients fear that their competitors may hijack their know-how. But, even in this case, all you have to do is follow a few simple precautions.

“It’s like installing Facebook on your phone,” the manager explains. “You need to favor solutions that allow for a gradual transmission of data, and you have to choose to work with apps that aren’t based on makeshift technologies, but that deal with big vendors instead.”

Source: http://www.italy24.ilsole24ore.com/art/business-and-economy/2017-05-29/cybersecurity-171538.php?uuid=AEX5bAVB