“In the field of cybersecurity talking is not enough to protect yourself from attacks. Although the topic is on everyone’s lips, in the private sector and in the public administration, we are witnessing a daily proliferation of attacks, many of which are launched with ‘traditional’ techniques that are now known and against which it would be possible to defend oneself effectively. To make a leap in quality it is necessary at this point to take action, from a practical and cultural point of view”.

As Paolo Cecchi, regional sales director Mediterranean region of SentinelOnean American company specializing in cybersecurity, describes the priorities for companies with respect to the current scenario, ringing alarm bells especially for the telco world and for public administrations, which are increasingly in the sights of hackers.

Cecchi, why telecommunications and public administration?

Each of these sectors has characteristics that make it particularly “attractive” for those seeking an economic or even political return from offensives, as in the case of “state-sponsored” attacks.

The telco they manage a wealth of data that can be of great interest to attackers, e they represent a critical infrastructure for the countrytherefore, they could also be targets of possible state-sponsored attacks. As for the PAis an interesting target due to the large amount of data it possesses and processes on citizens, and it is a a stimulating objective also for those who want to put a State in difficulty from a political point of view. However, it should be added that Telcos and PAs are not new targets for cybercriminals, but have been among the most attacked sectors for years, always through the same methods: ransomware, phishing, compromised business e-mail: with a view to optimization of costs, attackers do not change their method if the “classic” one works.

The trend at the moment, however, is that of increasingly faster and more personalized attacks thanks to the use ofartificial intelligence.

How are cybercriminals’ tactics evolving?

A change that from my point of view is extremely interesting is the one that concerns the tactics related to cyber extortion. Cybercriminals, in practice, are learning to exploit new regulations, such as the GDPR, to exploit victims’ compliance problems. Their goal is essentially to do leverage on any non-compliance to make extortion more economically convenient compared to the fine that the victims would be imposed if the information held by the hackers were published.

Another scenario is where the attackers gain possession of compromising information, such as data relating to unfair practices and used to obtain a competitive advantage over competitors or information obtained illicitly on citizens. Great reasons to force an organization to pay a higher ransom.

And in public administration?

If the above is an emerging aspect especially for telcos, in the PA field – but the same applies for commercial reasons also in companies – one of the most interesting and dangerous trends is that of advertising campaigns. Malicious Disinformation and Misinformation (MDM): messages with sensational but false news that encourage users to click on a link to find out more. Anyone who falls into the trap will likely end up downloading malware without their knowledge, which could give rise to larger-scale attacks. Obviously with theartificial intelligence these campaigns have become much simpler and quicker to implement as well as more realistic.

Finally, there is something to consider current geopolitical scenario: if in recent years state-sponsored attacks had taken a backseat, today, with two wars underway, they are growing significantly, and we must expect that attackers will increasingly combine artificial intelligence with disinformation campaigns .

How do you counter these attack strategies?

In general we must continue to invest in awareness, especially in public administration, where information and training campaigns must be carried out continuously and on a massive level. This is because digital illiteracy in Italy is high, and that relating to cyber threats is even higher. We will have a good basis to defend ourselves when literacy, knowledge and understanding of the threats have grown, because with a series of even fairly simple checks the phenomenon of cyber attacks can be stemmed.

In essence, to begin with, theawareness must become a best practice, and to achieve this we will have to start from schools. Only once generalized awareness has been achieved will the technologies and processes that are implemented be able to best deploy their potential, with Threath intelligence and Early detection at the forefront.

What role does artificial intelligence have in these defense strategies?

It has a leading role: the acceleration of the adoption of artificial intelligence by attackers is a fact: on the black market there are ready-to-use and extremely specialized tools, as in the case of those engineered to target cloud environments. Thanks to artificial intelligence, these are tools that are able to learn in the environment in which they land, without the need for human intervention: it is a new level of attack, more difficult to detect and faster than a human being. That’s why it is You also need to start using AI regularly to protect yourself.

How can you make the best use of it?

There are three trends that are common to all sectors: consolidation, automation and indeed artificial intelligence, which represents a central element of the first two. Consolidation because dozens of security solutions can no longer be managed separately within the same organization, but a platform is needed that is capable of managing the “security” of an organization in a centralized and intelligent way.

Automation to help security teams, always smaller, work better and counter the fact that AI speeds up the attacker’s activity on an increasingly large perimeter to be defended. Both, if supported by AI, allow a qualitative leap in correlation, analysis and response speed. The same topic of XDR, extended detection and response, is no longer an exhaustive answer but represents a piece of the puzzle.

How does SentinelOne move in this scenario?

We are releasing Singularity Data Lake, the heart of our Singularity Platform, which summarizes the characteristics of Siem, Security information and event management systems, XDR solutions and Security Analytics solutions, enhancing these characteristics with Artificial Intelligence. Sometimes, especially in the PA, a modernization of the tools in use would not hurt, but beyond this it is important to centralize the management of the entire IT security ecosystem in a platform that does not require a reactive approach and enormous human effort, but which automates and simplifies Security Operations: by condensing security information you will have a privileged point of view of the priorities to be addressed to improve the protection of your organization.

SentinelOne was among the first companies, more than 10 years ago, to use machine learning in cybersecurity, and thanks also to this expertise we have created an extremely developed, advanced and reliable AI engine. It is essential to combine all this with effective tools for assessing and protecting digital identities, an area that is often overlooked, but which is targeted in almost 80% of modern cyber attacks.

@ALL RIGHTS RESERVED

Share this: Facebook

X

