01 Oct Cybersecurity today: updates and prevention tips from Clusit
Anna Vaccarelli
Steering Committee
Clusit, The Italian Cybersecurity Association
Read MyBank’s exclusive interview with Anna Vaccarelli, member of the Steering Committee of Clusit, the Italian Cybersecurity Association, with updates and practical advice on defending against digital threats.
About our guest:
Anna Vaccarelli
Technological Manager of the Italian National Research Council (CNR) and Head of External Relations, media, communication, and marketing for Registro.it, managed by the Institute of Informatics and Telematics of the CNR, until 30 September 2024. From 2010 to 2024, she coordinated and promoted an initiative to spread internet culture in schools, with workshops from primary schools to upper secondary schools through the “Ludoteca” of Registro.it. She is among the founders of the Internet Festival and coordinator of the Executive Committee of the Festival. Since 2020, she has been a member of the Steering Committee of Women for Security and, since 2022, a member of the Steering Committee of Clusit, the Italian Cybersecurity Association. She has taught Cybersecurity courses, served as a scientific coordinator of national and international projects, and co-authored over 100 scientific and technical publications.
What are currently the main cybersecurity risks that citizens and companies in Italy and Europe face, and what trends have you observed over the past year?
The Clusit Report 2024 provides a stark picture of the cybersecurity situation in 2023, which has worsened significantly compared to the previous twelve months, indicating a growing attack trend with a 12% increase over 2022. In 81% of cases, the severity of attacks was classified as high or critical, according to the severity scale used by Clusit researchers, which is based on the type of attack and its impacts.
In particular, our country appears to be increasingly in the crosshairs of cybercriminals: last year in Italy, 11% of the serious global attacks mapped by Clusit were successful (up from 7.6% in 2022), representing a 65% growth compared to 2022. Looking back over the last five years, it emerges that over 47% of all attacks recorded in Italy since 2019 occurred in 2023.
Moreover, reports from ENISA and the Polizia delle Comunicazioni do not present comforting data: ransomware attacks against organisations are steadily on the rise. These attacks are generally initiated via phishing emails directed at employees: phishing itself remains a persistent threat at considerable levels. Additionally, there has been an increase in Distributed Denial of Service (DDoS) attacks, typically demonstrative in nature and linked to activism, due to the ongoing conflicts in Ukraine and the Middle East.
Ransomware attacks are particularly attractive to cybercriminals as they facilitate a double extortion: to unlock the systems and to release the stolen data. Techniques are becoming increasingly refined, and ransomware attacks are sold as a service on the Dark Web (Ransomware As a Service – RaaS).
This possibility grants access to such attacks even to technically less skilled individuals, lowering the barrier to entry for skills in the cybercrime landscape. This model is highly financially advantageous for those selling these services, as they earn from the service sale and receive a percentage of the ransom paid by their “client.”
Another factor worth considering in this proliferation of attacks is the advent of Artificial Intelligence (AI), which can enhance the tools available to cybercriminals for exploiting vulnerabilities, creating malware, and formulating phishing emails that are harder to recognise, as they no longer contain the grammatical mistakes that could alert users. Conversely, AI can also be a valuable asset for defence, and it would be desirable for organisations and institutions to exploit it to the fullest as soon as possible.
How can companies implement effective preventive strategies to protect themselves from cyberattacks, and what are the most common mistakes they make?
The first point is: be organised and stay prepared! This means acting on two levels:
- Strategies and defence planning
- Technological tools and technical countermeasures.
Companies must plan the actions to be taken in the event of an attack to minimise response times: everyone must know what to do and when, including individual users, and this plan should be prepared calmly in “peace times.” What to do will be clearer if attack simulations have been carried out (just like fire evacuation drills).
On the technical front, all necessary countermeasures must be activated: firewalls, intrusion detection systems, monitoring of networks and endpoints, regular backups, and supply chain security checks. The latter is particularly important and sensitive: often the attacks come from the supply chain, which is not adequately protected internally but has access to the company’s network and systems.
In 60% of cases, suppliers are unaware that they have acted as a “bridge” for an attack. This consideration invites us to reflect on the “perimeter”: nowadays, it’s no longer a discussion about the attack perimeter but about the attack surface. The network is no longer just the physical one, to be protected by the “boundary wall” of the firewall; it now encompasses the cloud, mobile devices, even personal ones, and smart devices connected to the network.
And here we get to the most important point for prevention and defence: user training, regardless of their function within the company: executives cannot and must not be exempt from training. 95% of attacks are executed as a result of human error, whether someone clicked a link in a phishing email or someone was sent a false message mimicking their superior’s voice reconstructed with AI.
Therefore, considerable effort must be put into user awareness: the confidentiality and strength of passwords, regular updates, (non) sharing of accounts, attention to suspicious attachments and emails, and so on. Particular emphasis should be placed on the importance of backups: it is essential that they are always updated and preferably exist in three copies, with two at different locations and a third disconnected from the network.
Having a backup available allows for a quick restoration and avoids paying a ransom. Today, the first action attackers undertake upon breaching a network is to search for backups to render them unusable, ensuring a greater chance of collecting a ransom.
What advice can be given to citizens to prevent the theft of personal data, both online and through social media?
The basic recommendations are to use strong passwords, change them frequently, and employ two-factor authentication wherever possible, which combines two elements (dual factor authentication): for example, a password and a one-time code (OTP) sent to a mobile phone or a pre-verified email.
It is advisable to avoid sending personal data and credentials over unprotected networks, typically those free ones in airports, hotels, etc., as they can be easily intercepted. Naturally, dictating a password over the phone in an environment with people around is highly inadvisable, and care should also be taken to ensure that no one is reading it over our shoulders while we type it on the device.
For social networks, the recommendation is not to trust posts that encourage us to click somewhere or download some image or video, as they are often scams and the files we download may contain malware. Generally, they attempt to persuade us with the prospect of winnings or astonishing news or miraculous cures.
A bit of critical thinking is needed, and we should learn not to trust every piece of information and news published blindly, just as we usually do in “real” life.
What additional measures can be taken to ensure secure online payments, and what role can account-to-account payment solutions like MyBank play in this context?
Today, banks and payment systems protect transactions by routing them over secure channels, typically encrypted and requiring two-factor authentication, to verify the customer’s identity and prevent so-called “man-in-the-middle” attacks, where a cybercriminal intercepts the exchange of information and redirects the financial transaction in their favour.
In particular, account-to-account (A2A) payment methods allow payments to be made without having to enter credit card details or IBANs, mitigating the risk of interception by malicious parties. These are irrevocable transfers that ensure the immediate certainty of credit to the payee, eliminating the waiting times associated with other payment methods.
What future trends in cybersecurity do you believe could influence the online payments sector, and what strategies should citizens and businesses adopt to effectively address these new challenges?
Digital payments are continuously growing in many countries: not only mobile payments (via smartphones) but also through wearable devices (e.g. smartwatches) and other internet-connected objects within the Internet of Things landscape. While this brings some advantages, including ease of payment, speed, and greater traceability, it also exposes us to heightened risks.
Users need to employ strong authentication, operate under secure networks, and avoid providing their data to individuals who pretend to be trustworthy but are not (for example, via phishing emails).
On the other hand, banks and payment systems must closely monitor transactions, picking up on “anomalies” through monitoring systems. Some of these countermeasures can be enhanced through the use of Artificial Intelligence, especially in monitoring activities.
1 Oct 2024