Cybersecurity: who invests little in security. The Startmag-Icinn report

The paper by Start Magazine and Icinn reports the findings of a CyberEdge survey entitled "2022 Cyberedge Cyberthreat Defense Report", according to which Italian companies spend only 10.1% of their IT budget on security. It is the lowest figure among the G7 member countries. Numbers, comparisons and hopes

Italian SMEs invest little in security.

This is what emerges from the paper by Start Magazine and Icinn, which reports the findings of a CyberEdge survey entitled "2022 Cyberedge Cyberthreat Defense Report", according to which Italian companies spend only 10.1% of their IT budget on security. This is the lowest figure among the G7 member countries: German companies spend 10.8%, British ones 10.9%, Canadian ones 11.1%, Japanese ones 11.5%, French ones 12% and those in the United States 13.7%.

The attack of recent hours, the authors write, demonstrates that cybersecurity is not a topic reserved for experts, because the "IT security framework" involves us all.

“Growing exposure has led to a steady increase in security incidents in companies' IT assets, attacks on the cloud, data systems and the supply chain in recent years,” notes the paper. “If 2020 was defined in the ‘Clusit Report on ICT Security in Italy’ as the worst year ever in terms of evolution of ‘cyber’ threats and the impacts generated, their severity and damage caused, this trend has unfortunately been confirmed also in 2021. In 4 years, serious attacks globally have grown by 32%, and in addition to a greater frequency, there is a significantly worsened severity index, thus multiplying the associated damage.”

In fact, "according to the most conservative estimates, cybercrime generates at least 1 dollar for every 100 of world GDP with a continuously growing trend, following both the increase in attacks and the greater awareness that brings to light a part of the phenomenon that was submerged in the past".


“In a hyperconnected system one of the critical points is represented by the different level of cyber security of the organizations. It is not enough for individual companies to defend themselves against this type of risk; it is necessary to look at the defense capacity of the entire digital system,” highlights the paper by Start Magazine and Icinn, which saw the collaboration of journalists, researchers, experts, academics and companies from the cloud and telecommunications sector.


For Italian companies, the cyber threat ranks first among potential risks. According to a survey carried out by Purplesec, about four out of ten cyber attacks are aimed at small companies, and about 47% of the companies interviewed suffered at least one attack in the last year. 70% of small businesses declare themselves unprepared to handle a cyber attack, and three out of four companies do not have enough staff to take care of cyber security, despite being well aware of the risk.


And to defend against cyber threats you need Security Patching. As the paper points out, "It is now a rather mandatory practice, also and above all in light of the escalation of cyber attacks that has occurred over the last year".

“The patch,” recalls the paper, “is a software component that improves the software or corrects an IT vulnerability. And it is a practice that many companies today do on a regular basis, using technologies capable of identifying the flaw or the threat. The most critical part, however, comes immediately after. Once the criticality has been identified, is it known on which machine it occurred? Do you know if it was corrected, who is the owner or at what stage is the resolution of the problem? Is it possible to have a timing and a priority of the incident? It is when it comes to the ‘systematization’ of vulnerability tracking that many companies (small and large) risk not being equipped with the right tools to have a 360-degree view of the interventions necessary to secure their assets.”


And this is where the need to start Security Patching comes into play. How? “Through a management system,” explains the report by Start and Icinn, “which, when you become aware of having a threat on a given system, allows you, with a simple click, to identify the exact point of vulnerability, allows you to understand if this, for example, concerns a computer directly exposed on the Internet, and therefore with a more critical posture compared to others, and gives visibility into whether whoever was supposed to take charge of the resolution did so and whether they shared their results, so that they become ‘literature’ for resolving other attacks.”

This is just what happened with the hacker attack of recent days: the attackers took action through a "ransomware already in circulation" that targets VMware ESXi servers. As explained by the Csirt, the manufacturer had already identified and remedied the vulnerability in February 2021. However, not everyone using the currently affected systems has fixed it. Targeted servers, if left without the patches, i.e. the appropriate "fixes", can open the door to hackers intent on exploiting the vulnerability.


In fact, as the paper underlines, "the Security Patching process seems like one of those 'banalities' that cannot be avoided in a company. And instead, today most companies, despite having understood the need to map all their systems so as to start that resilience process that makes it possible not to avoid risk (because zero risk does not exist) but to manage it, still do not have full knowledge that it is possible to have technological tools with which to also track interventions to remedy vulnerabilities".

This is a process whose importance is proportional to the size of the business, especially when it comes to enterprises with data centers or with international branches.

“Clearly, starting a Security Patching system requires an initial investment: you need to equip yourself with a technological layer for identifying vulnerabilities, implement the management system in your systems and feed it with as much data as possible, and you need to provide for its maintenance. But the benefits in terms of resilience can far exceed the initial commitments to start a process that reduces human error and therefore the risk of IT intrusion, so as to enable that ‘readiness’ that always remains the basis of every cybersecurity strategy,” concludes the paper.

