
Hacker attacks, how to behave in case of data theft

by admin

A door left wide open in cybersecurity systems is shaking thousands of public and private entities around the world. The hacker attack that started over the weekend is in fact exploiting a vulnerability known since February 2021, when VMware, the manufacturer of the software involved, released a “patch” to fix the problem. “A symptom of how criminal organizations act and how cybersecurity must be cultivated every day to keep their companies and managed data safe”, explains to Truth&Business Antonio Giannetto, founder and CEO of ReeVo, a company listed on Piazza Affari since 2021 and an Italian provider focused on Cloud and Cybersecurity services.

Doctor Giannetto, can you explain to us what is happening these days?

“There are several criminal organizations that are scanning the network for a known vulnerability and widespread software. This door left open, if it has not been closed in time, allows criminals to steal data with the threat of making it public if the ransom is not paid and/or making the data inaccessible to the company itself until the ransom is paid”.

Is it a typical criminal strategy to go looking for well-known leaks?

“It is one of the two main strategies. In this case they play on statistics: being so widespread, despite being known for a long time, it is statistically probable to find someone who has not fixed the vulnerability. This is a symptom of lack of attention to cybersecurity and it is very likely that the attack will be successful”.

And the second strategy?

“Criminal hacker organizations try to beat developers to the punch. In that case they go in search of vulnerabilities discovered a few hours ago and that the companies that produce this software have not yet had time to fix. In these cases it is very important to have an active monitoring service every day of the year, 24 hours a day, like the one offered by ReeVo and other companies in the sector”.

What does this type of large-scale attack teach about a problem that has been known for basically two years?

“The main mistake that can be made in the cybersecurity sector is to think that a single vulnerability assessment activity to discover the weak points of the corporate network is enough to protect oneself from possible attacks. The pervasiveness of today’s software, which involves not only the web but all types of devices, from smartphones to cameras, multiplies the possibilities of a company but also increases its fragility. This is why cybersecurity is a topic that must be cultivated over time. Most companies must have not only continuous risk and vulnerability assessment activities but also a continuous monitoring system that allows, when there are open doors that require some time to be closed, to have a security system able to promptly repel any attacks”.

How should an entrepreneur who has not yet developed a cybersecurity system behave?

“Understand immediately what is the degree of cyber risk that your company is enduring. Italian companies are often very attentive to the degree of risk on the business side, but neglect what they bear on the digital side. The first thing to do is therefore an initial scan with a risk and vulnerability assessment activity to understand where and how to intervene. The advice is to turn to professionals because both in terms of talent and in terms of costs it is very difficult for a company to be able to satisfy its needs independently”.

Is it possible to estimate the cost for a company?

“It is difficult to speak in an absolute sense because costs change based on the characteristics of each company. What is certain is that the cost of carrying out preventive activities is a fraction of the cost that a company would have to bear in the event of a data breach. In 2022, in Italy, it was estimated that for a medium-sized company, between legal damages, reputational damage, system restoration, etc., the cost would be 3.5 million euros”.

How to deal with data theft and ransom demand?

“Absolutely do not pay immediately, isolate the systems by disconnecting them from the Internet and turn to professionals capable of managing the incident response based on the characteristics of the attack. Industry companies such as ReeVo may be able to recover data that appears to be no longer available, and they also have experience negotiating the most serious cases. Finally, identify how the violation occurred because, if you don’t take action, it is possible that the system will be violated again in a short time”.

Has the attention for cybersecurity grown in Italy?

“For some years now we have witnessed a turning point. The strong push towards digitization in the pandemic first and the Russia-Ukraine war, also cyber, which we then witnessed, made events like these relevant for the general public as well. Today there is widespread talk of cybersecurity issues contributing to the evangelization of the country”.
