Necessities and opportunities for the 21st century entrepreneur

Cybersecurity is the new frontier in the prevention of threats in digital spaces.

The world of private enterprise is directly involved: cybersecurity enables the adoption of a set of measures and strategies to protect computer networks, systems, data and digital assets of companies from the risks of external cyber intrusions.

Attacks are carried out by hackers, industrial spies and others who want to damage the “corporate system”.

Recently, for the first time, the Italian government presented a strategic plan to promote cybersecurity: the “Research and Innovation Agenda for Cybersecurity 2023-2026”, drawn up by the National Agency for Cybersecurity (ACN) in agreement with the Ministry of Universities and Research (MIUR) to direct public investment in this sector.

The Agenda, a 50-page document, aims to achieve national sectoral strategic autonomy and promote IT innovation in public administration and the private sector.

This document focuses first on data protection and privacy, making critical infrastructures more inaccessible and anonymous. Secondly, it studies cyber threats through research and analysis aimed at preventing attacks, uses blockchain technologies to armour sensitive data, and organises externally directed training activities to prevent cyber attacks. This training educates public and private sector employees engaged in digital challenges and enhances their human capital, which is the only resource capable of understanding the scale of the phenomenon.

As far as the corporate world is concerned, it is necessary to focus on some fundamental aspects of corporate cybersecurity.

Training and awareness: The first line of defence

Firstly, an ‘awareness operation’ needs to be carried out, in the sense of making all company employees aware of cyber threats and the importance of digital security. This means expanding the scope of corporate training. Intensive training sessions are needed to prevent risky events such as phishing (a widespread digital practice in which an attacker tries to persuade the recipient to divulge sensitive information or data over the Internet), opening suspicious attachments and using particularly weak passwords.

Protection tools: Firewall, encryption and access control

Another key issue is the implementation of security solutions such as firewalls, which protect a company’s computer network from unauthorised external users.

Protecting data by encrypting and archiving sensitive information, and encouraging computer users to use appropriate tools, is a strong starting point.

Security testing and incident management

Regular network vulnerability testing to identify and remediate vulnerabilities is another important activity. Access to company data and systems by internal staff in the normal course of business must be managed and controlled through ‘strong’ authentication systems that are difficult to penetrate.

The business organisation should plan appropriate responses to potential cybersecurity incidents: having a clear and defined plan in place can make all the difference at the time of need, for example by establishing a proven cybersecurity support process.

Backup and recovery: The key to business continuity

Critical data needs to be backed up frequently, and restoration must be tested to verify the actual chances of recovery in the event of loss or deletion due to a cyber-attack.

Legislation and regulations: An essential frame of reference

A brief background on the relevant regulatory requirements for businesses is in order.

Indeed, cyber threats and regulatory issues are closely linked, as the exponential growth of these criminal activities in recent years has prompted the EU and other countries to adopt increasingly sophisticated legal standards.

Here we can briefly mention: the GDPR on data protection, and the security breach notification laws introduced by many jurisdictions, which require companies or other institutions to immediately notify the relevant authorities of IT breaches that have occurred. Legislation on the protection of corporate data and intellectual property and other regulations on the security of critical infrastructure have been adopted with very strict protection standards for strategic production sectors: energy, telecommunications, defence, transport and financial services.

Cybersecurity: A necessary investment for the future

Cybersecurity is an ever-growing and evolving field, as cyber threats continue to find fertile ground. This is why it is important to maintain a proactive attitude when it comes to protecting a company’s digital assets and, if necessary, to rely on professionals in the field who can prepare individual plans, risk analyses and appropriate prevention.

Federico Cortese

Read the other articles in the September 2023 issue of spaceO:
