"The ransomware attacks we are witnessing in these hours confirm, once again, the importance of close cooperation between public and private enterprises. Cybersecurity is in fact a common good and as such we must all make our contribution to strengthen our defenses." This was said by Alessandro Manfredini, president of Aipsa, commenting on the massive ransomware attack detected in France and Italy in recent hours.
Aipsa is the Italian Association of Corporate Security Professionals, which includes security managers from the country's major private companies, many of which are included in the National Cybersecurity Perimeter.
"Today's attacks (ed. Feb. 5) were made possible by a flaw already identified two years ago. Flaw to which, however, the security update (patch) has not yet been applied. Therefore, the priority is to improve the connections and communications between controllers and controlled, increasingly extending the mesh of the network to protect the Country System. We are ready to do our part, with determination but safe from unnecessary alarmism."
In an interview with us several months ago, Manfredini had explained, " The amount of threats has increased mainly due to the vulnerability of networks, the exponential growth of available data, and the lack of user awareness. However, it is also necessary to consider the sketch of the latest generation of cybercriminals, as they too have undergone profound mutations over time. Years ago the typical hacker, was usually recognizable as a nerd with extremely high computer experience, while today the hacker is anything but. Today those who commit cybercrimes are common criminals, who in the meantime have become digitized, exploiting the possibility of obtaining real on-demand services (Ddos attacks, malware, spamming, etc.) in the deep and dark web. We are therefore facing a completely different figure than in the past, precisely because it is the adaptability factor that is responsible for this metamorphosis."
And, again, he pointed out, "All digital attack incidents confirm that the human factor is the real weak link in the chain: misjudgments about defense and reactive strategies, distractions and carelessness have highlighted this. That is why I still emphasize how cybersecurity should not only be limited to technologies but also to people's awareness. And this is also where the discussion about another important aspect starts: that of having a holistic approach of information and data protection. It is no longer enough to consider the network and corporate infrastructure as a castle, protected only by reinforcing the walls to defend against external incursions. It is equally important to take note of how threats can also come from within, for example, emphasizing how critical it is to secure internal processes so that any abnormal behavior can be detected. There is a need to transform one's vision: monitoring more is essential to be more responsive, otherwise technologies and investments are of little use if there is not at the same time consistency and balance between different initiatives."
You might also be interested in:ย
