Hacker attacks, the "flaw" is in the companies
The technologies to defend oneself are there, but the culture of safety is scarce and thus the time, resources and money invested in information technologies are lost; Italy is in the crosshairs of hackers and small companies are those most at risk!
Between 2016 and the beginning of 2017, our country saw a surge in hacker attacks. There was the Eyepyramid affair, consisting of malware created ad hoc to spy on the e-mails and conversations of well-known politicians. Without forgetting the scandal of hacker attacks at the Farnesina in 2016. In its report, Clusit also lists Italy as one of the first global targets for cyber criminals.
In our country, it has been noted that in recent months the numbers regarding attacks on small and micro companies have grown exponentially. The problem is often given by the lack of training and lack of knowledge of the subject. The requests of hackers when they hit a small company are quite low and often those who manage the company prefer to pay 100-200 euros rather than denounce or investigate the subject. The sector most affected is health care, followed by large-scale distribution and finance and it is no coincidence that the government updated the ministerial decree on IT security in mid-February.
Among the latest events we have seen that in August the hackers attacked the sites of "Corriere della Sera" and "Gazzetta dello Sport". The two outlets on Facebook made this statement: "We have suffered a hacker attack, we are working to solve the problems. Thanks for your patience. The technicians are working to solve the problems and understand what happened.“
Attacks too complex to take the necessary measures for prevention or still too much resistance in adopting them?
The answer is no! Infrastructures and technologies exist, but the concept of security should probably be addressed in a much broader way, starting from a real corporate culture that concerns not only one's own information system but also, and perhaps even before, the information one.
Unfortunately, there is still no culture that raises awareness on data security, even before the adoption of IT prevention tools.
In other words, companies should focus not only on securing electronic technologies and equipment, but also on educating all human resources within the company to manage the data produced during the execution of the business processes. The same companies today have certainly grasped the importance of installing antivirus, no longer considered a useless expense, but they hardly understand the importance of spreading a culture of safety within the company. This means, for example, paying attention to external devices that are connected to company PCs, protecting sensitive documents and access passwords, etc.
In recent years, service providers have evolved by providing increasingly complete security packages because, if the first mass attacks were easily manageable with a common antivirus, those experienced in recent times are more specific and targeted attacks and require much more security thresholds. high.