WE ENTERED era of cyber warfare for military and terrorist, while Italy is still unprepared for cyber attacks. Are some of the findings in the report Clusit 2015 (the Italian association for information security), early today (March 17 will be officially presented to the Security Summit 2015).
In 2014 attacks in support to military activities, and paramilitary terrorist increased globally by 68%, while falls hacktivism, that the attacks for political activism. A quarter of the attacks in the world affects governments to steal information of strategic importance or even simply to “deface” or block institutional sites. “There is an ongoing race for cyber weapons”, says the Clusit. Cloud services, banks, health (sector that has suffered an increase of 190% compared to 2013), recorded the highest growth rate in the number and severity of attacks.
In 2014 also entered forcefully targeted by cyber criminals also the sector “Retail”: the large retail chains, chains of franchised stores and ecommerce sites have indeed registered globally very heavy losses, in some cases in the hundreds of millions of euro ( for example, Target, Home Depot). And not just to see a growth in attacks.
One of the alarming conclusions reached by the report is a fact that institutions and companies are not doing enough to combat the phenomenon. The number and severity of attacks is greatly increased, despite the growth of the global investment in cybersecurity (+ 8% in 2014); well and two-thirds of the victims – it is estimated – it is not even aware that he had suffered an attack. 1600 companies analyzed by Clusit, on average 90% have suffered at least one attack. Now, “the risk of being hit by a cyber attack has become a certainty, in the short to medium term,” the report said.
You have to accept this evidence. That’s why the latest trends in computer security world give priority to measures for damage control and isolation of the attacker, instead of focusing only on the activity of prevention, which apparently can not hope to capture all the dangers. “The slogan of 2015 is ‘prepare for impact’ adopting logical Cyber Resilience (…) by applying the ancient maxim ‘know thyself’ (and therefore their vulnerability and criticality), and then preparing a model Risk accurate, constantly updated, estimating potential losses through the study of a number of realistic scenarios to determine correctly the necessary investments, “the report said.
But Italy is late on this approach and lives a particularly serious situation: Clusit estimated nine billion euro total damage caused by cybercrime (including system recovery), reports the theft of trade secrets to the detriment of small and medium-sized enterprises homegrown (and for the benefit of foreign organizations ) and accuses the institutions have not yet established a center to collect reports of attacks and coordinate defenses (even if the government ensures that this center is already active from June, many experts believe that it is actually still functional).
There are four trends for 2015, in the world, according to the Clusit. The collaboration between groups cybercriminals and terrorist groups or paramilitaries continue to grow, with activities of extortion for political and economic reasons, “with impact on institutions and public administration, businesses and critical infrastructure.” “We also expect that terrorist organizations (including the Is) using increasingly the social networking platforms like real battlefields against the governments,” it said. “The same social networks will continue – as among other already well documented last year – to be easy attack vectors for the spread of malware and fraud based on social engineering.”
Third trend, “due to their inherent fragility, Pos systems will increasingly been targeted by criminals and the possibility of malware attacks will be very high even in individual businesses. The banks will be called at the forefront of fraud prevention and to provide support to customers” . Finally, the phones will be an easy target: there is “a growing attention from government agencies, mercenary spies and criminals against platforms such as iOS and Windows Phone (so far considered more secure than Android, ed ). The manufacturers of mobile devices, application developers and users will have to revise their strategies and investment in the mobile, with an emphasis on safety, and not only on the aspects of marketing or business. “
The Report also makes use Clusit year of data on attacks detected by the Security Operations Center (SOC) of Fastweb, which is able to monitor and defend against attacks and threats both ICT infrastructure company is to customer and who has agreed to share with Clusit a statistical dimension of the phenomenon.
No comments:
Post a Comment