Date: 2023-04-09

The security of digital identity and the protection of access to online channels are not yet a priority for Italian companies. In fact, 73% of organizations with online channels declare that they rely on systems based on a single authentication factor. Only 13% of organizations rely on systems that use two-factor authentication, i.e. verifying identity through two unrelated steps (for example password and biometrics). And only 2% of companies have implemented adaptive authentication systems, capable of measuring the level of risk and inserting a second security step only if necessary. This is what emerges from the results of a survey by Minsait in collaboration with the Osservatori Digital Innovation of the Politecnico di Milano, which CorCom publishes in preview.

A snapshot of the Italian landscape

According to the report, titled “The digitization of sales in Italy”, on the front of Cloud infrastructures and applications, however, organizations pay a good level of attention to the search for vulnerabilities that can allow malicious actors to access company systems. 33% of companies rely on application security tools in Interactive Application Security Testing (IAST) and Dynamic Application Security Testing (DAST) modes, while 13% prefer Vulnerability Assessment (VA) and Penetration Test (PT) tools. 35% of the sample carries out periodic assessments using all these methods in a diversified way. The remaining 19% of companies have not established a clear strategy for identifying application and infrastructure vulnerabilities and risk being caught unprepared.

On data protection, 82% of organizations use backup and recovery solutions to protect data, while 56% use Data discovery & classification solutions to identify and classify data, assigning different security requirements to each class. 52% of organizations use data masking solutions to mask sensitive data through anonymization or encryption techniques. Only 27% use Identity & access management solutions to manage and monitor user access to infrastructure, applications and critical data.

The push from GDPR compliance

An impetus to adopt data security solutions also comes from the need to comply with regulatory requirements: 83% of Italian companies have completed their adaptation projects to the GDPR, the reference legislation for the protection of personal data, and a further 10% declare that adaptation projects are underway, despite the full applicability of the regulation dating back to 2018.

“Equipping oneself with digital security technologies, methods and processes does not only mean protecting the sensitive data and information assets of organizations, but also gaining the trust of consumers who feel safe interacting with companies through digital sales channels”, comments Sergio Scornavacca, Cybersecurity Director of Minsait in Italy and Administrator of Net Studio, the Group company specialized in Cybersecurity, Digital Identity and Access Management.

A comparison of the main sectors

The sector that is most attentive to security in interactions with customers is banking. 55% of companies in this vertical are equipped with two-factor authentication systems (vs. 13% of the average) and are more widely experimenting with the implementation of adaptive authentication systems (13% versus 2% of the average). Public Administrations and health companies, partly driven by regulatory obligations, have also secured user access to online portals: 79% of Public Administrations and 70% of healthcare facilities offer customers the possibility of accessing both through proprietary credentials and through national digital identity systems (such as SPID and CIE).

As for security assessment activities, the most virtuous sectors are the Banking & Insurance sector and the Utility sector: in both cases, all companies carry out periodic vulnerability identification activities by applying different methods. The most deficient sectors from this point of view are the Manufacturing sector and the Telco and Media sector, which prefer activities carried out on a one-off basis if necessary. Even in the PA the level of attention to the issue is not always sufficient: 37% of organizations seem not to have established a clear strategy for identifying application and infrastructure vulnerabilities.

The sectors most attentive to regulatory compliance are also those characterized by greater regulatory pressure, i.e. Banking and Energy & Utility. The public sector also sees very high adoption of the GDPR: 99% of Public Administrations and health facilities declare that they have completed the adaptation processes.
