The lockdown has led to an acceleration of the computerization of workers and citizens, with the spread of smart-working and online payments. But there is another side of the coin, linked to exposure to cyber attacks.
“It is inevitable that in conditions of crisis, technological and psychological, cyber attacks will increase. However, if we knew how to defend ourselves before, we will be able to defend ourselves even now. Unfortunately, the opposite is also true”, explains Michele Colajanni, Full Professor of Information Security at the University of Modena and Reggio Emilia and Scientific Director Open Program in Cyber Security Management of Bologna Business School
“The attacks and cyber defenses were for the first few years a matter for technology experts, and rightly so, but the scenario has changed- continues the teacher. -Defense technologies have improved a lot in twenty years and, if well managed, it is not trivial to overcome them.
Therefore, hackers have turned their attention to the weakest link or to the people who, in the meantime, have all been equipped with PCs, interconnections, e-mails; they started using personal devices in the company, and have the opportunity to publicly express who they are, what they do, what they think and like, what their contacts are. In this way, every manager, employee, consultant and supplier becomes a target, an unaware and unprepared prey to defend against hackers. It is no wonder that at least 95% of cyber attacks enter the company through people bypassing the technological defenses prepared by the experts.
Fortunately, today we no longer have to convince any company about the importance of IT security for the support and survival of the business, but we have difficulty communicating the real scenario, as many have remained tied to the original context in which the challenge was technological between competent attackers and defenders. I also have the impression that some do not want to accept reality because the previous scenario took off the responsability to managers and employees.
How many times have I heard managers declare ‘we are safe, so much are our good computer scientists who protect us, and then we also bought the new firewall and a super antivirus’. Let’s dispel the myth of the omnipotence of cyber-security experts: cyber security experts alone cannot protect you. Without everyone’s contribution and respect for company rules, without the belief that superficial behavior can block the company with serious consequences for employees, customers and business, we experts in the sector can do very little.
Looking back, it’s true for any kind of security. The doctors have done and are doing heroic work, but only through everyone’s conduct will we be able to defeat this pandemic. Unfortunately, as all security managers know well, changing behavior is exhausting and man avoids it until he is forced to do so and, even in that case, with disappointment that results in resentment. With similar attitudes, it must be clear that any company remains vulnerable regardless of the amount of investment in technology”.
The Open Program in Cyber Security Management tackles the problem of security in a modern key and shows how cyber security is at the service of the business and works synergistically to minimize the risks for the most critical processes, personnel and company data.
Author: Michele Colajanni