Only 7% of Italian companies believe they are able to defend themselves against a cyber attack, while globally the percentage rises by 15%. In this context, 8% of companies in our country are still at the “beginner” level, while as many as 61% are at the “training” stage: preparation in the field of cybersecurity in any case much lower than the average. Are some of the data that emerge from the Cybersecurity Readiness Index 2023, report made for the first time by Cisco to measure companies’ preparedness and resilience to cybercrime.
To make the Cisco Cybersecurity Readiness Index 5 pillars have been taken as measurement criteria, which constitute the main line of defense of a company: identity, devices, network security, application workloads, data. Each of them in turn includes 19 different solutions.
The survey was conducted on a sample of 6,700 professionals from 27 countries, including Italy, who work in the field of cybersecurity: they were asked to indicate which solutions have been adopted so far and what their current status. At the end of the survey, the companies were classified into four levels of preparation: beginner, formative, progressive, mature.
75% expect an attack within the next 2 years
The results show that 75% of respondents expect their business to experience disruption due to a cyber attack in the next 12-24 months, while 31% said they had suffered one in the last year. Being unprepared, however, can cost you dearly: 25% of affected companies had to spend at least $500,000 to regain control of their business. As a result, 87% of respondents expect to increase their security budget by at least 10% in the next 12 months.
17 Maggio 2023 – 17:00
Disaster Recovery and Cloud, how to build an effective infrastructure
Nearly half (47%) of professionals surveyed also believe that security threats are increasing in volume or severity, and 48% report an increase in ransomware attacks. More than a third (37%) globally (46% in Italy) have experienced a data breach in the past 12 months, and 22% report that their organization has been the victim of a ransomware attack.
Cloud data targeted by hackers
An increase in ransomware attacks and an increase in the risk of sensitive data in the cloud are instead the main evidence emerging from the Annual Cyber Threat Report published by Thales and conducted on approximately 3,000 IT professionals from public and private organizations in 18 different countries, including Italy.
The survey shows that the main target of cyber attacks is cloud data. Over a quarter (28%) of respondents worldwide (46% in Italy) says cloud-based storage is the top target, followed by end-user devices (44%). The increase in cloud attacks is due to the growth of work moving to the cloud, with 75% of respondents stating that 40% of data stored in the cloud is now classified as sensitive compared to 49% of respondents in 2022.
Human errors at the origin of violations
Respondents believe that the leading cause of cloud data breaches are simple human errors, such as misconfiguration or oversights that can accidentally lead to systems breaches. 55% of those who have experienced a data breach in the past 12 months believe that the root cause is misconfiguration, followed by not using Mfa (20%). The report notes that identity and access management (Iam) is the best defense, in fact 28% of respondents identify it as the most effective tool for mitigating these risks.
Digital sovereignty: an increasingly crucial challenge
Digital sovereignty is becoming increasingly important to IT professionals responsible for data privacy and security. All in all, the Thales report notes that data sovereignty remains both a short- and long-term challenge for businesses. 83% express concerns about data sovereignty and 55% (63% in Italy) agrees that data privacy and cloud compliance have become increasingly difficult, likely due to the requirements to achieve digital sovereignty.
Even the threats from quantum computers that attack classical encryption schemes is a concern for organizations. The report Thales notes that Harvest Now, Decrypt Later (“Hndl”) and future network decryption constitute the biggest security concerns of quantum computing, with 62% and 55% respectively reporting concerns. While postquantum cryptography (PQC) appears to be the discipline to counter these threats, the report finds that 62% of organizations have five or more key management systems, presenting a challenge for PQC and cryptographic agility.
Check Point Research: “Attacks on IoT devices are on the rise”
Finally, a drastic increase in cyberattacks against IoT devices is the figure that emerges from the data released by Check Point Research (Cpr), la divisione Threat Intelligence di Check Point Software. The report shows that, in the first two months of 2023, a 41% increase in weekly attacks on IoT devices was recorded compared to the average for the whole of 2022. On average, every week 54% of organizations suffer cyberattack attempts targeting IoT devices: European organizations are among the most affected, followed by the realities of the Apac area and Latin America.
Cybercriminals are aware that IoT devices are one of the most vulnerable parts of networks and that most of them lack adequate protections. Devices such as video cameras and printers can, for example, allow direct access and a significant violation of privacy, acting as a first “foothold” for attackers, who can thus spread attacks within the violated network.
The main attacks
IoT vulnerability exploits number in the hundreds, but some are more prevalent than others. Here are the 5 most popular since the beginning of 2023: MVPower Dvr Remote Code Execution (affects an average of 49% of organizations each week); Dasan Gpon Router Authentication Bypass (affects 38% of organizations weekly); Netgear Dgn Command Injection (affects 33% of organizations weekly); D-Link Multiple Products Remote Code Execution (affects 23% of organizations weekly); D-Link DSL-2750B Remote Command Execution (affects an average of 14% of organizations each week).
@ALL RIGHTS RESERVED