IT security, in all its facets, is certainly one of the hot topics driving the activities of IT service companies, even more so after the entry into force of the new European data protection regulation. Nevertheless, the emphasis and importance that IT technicians place on this issue are not always grasped, and to support the point one cannot fail to mention the sector studies that present a broad but significant picture. We refer in particular to a survey conducted by Cisco that questioned 3,600 security professionals from companies of various sizes in 26 countries, including Italy.

The result of this research is the Cisco Security Capabilities Benchmark Study, an accurate map of the security resources and procedures available to companies. Of course, Cisco itself could not fail to enrich the study with tips and countermeasures to strengthen companies’ security strategies. The study focuses on three areas: the challenges, the state of cyber attacks, and the adoption by companies of new technologies to protect themselves. Given that cyber attackers are developing and adapting their techniques at a very high rate, it makes more sense to ask not whether a company will be affected, but whether its security officers will be prepared when the attack is launched. The main finding here, which confirms a scenario that has gone unnoticed for several years, is that there is still a lot of work to be done: security professionals have to make considerable progress and there are many challenges they have to overcome.

In our country, 92% of the two hundred companies surveyed stated that they had suffered a cyber attack in the past year: this figure would probably be even higher if all companies actually detected attacks or admitted to breaches. Of the same Italian companies interviewed, 24% admit that the lack of specialised personnel in this area is one of the biggest obstacles to IT security. One piece of good news is that only 12% of the companies surveyed manage more than 21 vendors: this means that Italian companies prefer an integrated approach that is easier to manage, reduces operational costs and makes the most of limited IT security resources. The adoption of IT security solutions that can communicate with each other automatically is in fact an essential element that reduces the time needed to detect threats and classify them, thus greatly increasing the efficiency of the whole system and partly overcoming the lack of specialists in the field.

The price to be paid by companies is very high: Cisco’s study confirms that 62% of cyber attacks caused damage in excess of €80,000 after the affected systems were repaired. In addition, much of the damage is collateral, due to the forced interruption of production or distribution processes and the consequent loss of dissatisfied customers. In fact, 50% of Italian companies have suffered an interruption of at least five hours and, in the case of companies providing public services, one can easily imagine the inconvenience potentially caused to citizens and the risk to their health, with damage to be reckoned not only in money but also in human lives. One somewhat positive aspect, in terms of the impact on companies, is the lack of integration of legacy systems into their infrastructure: while fragmented networks are easier to breach because of security gaps, such attacks certainly do not spread laterally.

Sara Avanzi