It is time for end-of-year assessments, including for the defense against cyber attacks in our country. The reference point for 2023 was the Clusit report, which recorded a 40% increase in attacks for the year that is ending. The increase in cybercrime stands out: it represents 84% of attacks, with over 1,160 cases recorded in the first half of 2023. No less significant was the 30% increase in attacks identified as “hacktivism”, where geopolitical tensions have played a significant role in the proliferation of incidents. As for targets, organizations in the government sector were the most affected, followed by those in the manufacturing sector, where Italy holds a sad record, having recorded 34% of all attacks of this type globally. The financial/insurance sector also recorded an increase: the victims in the first half of 2023 exceeded the total number of attacks that occurred in all of 2022. Last but not least, the health sector recorded an increase of 33% compared to the previous year.

But what should we expect for the coming year and, above all, which regulatory, process management and innovation frameworks can we count on? We asked three important cyber security experts with the ability to analyze and predict national, international and market scenarios.

According to Luisa Franchina, President of the Italian Association of Critical Infrastructure Experts, 2022 ended with the dawn of a new world of security in which cyber and kinetic (or physical) security were finally reunited by the CER and NIS 2 directives, while 2023 closes with the dawn of a new world of product certification. That comes with the proposed implementing act for EUCC, the European cyber security certification scheme for products, which was proposed in 2021 by ENISA (the European Union Agency for Cybersecurity) and is based on the Common Criteria standard (ISO/IEC 15408) and its methodology, CEM (ISO/IEC 18045).

The arrival of the European scheme could therefore also accelerate the operations of the CVCN, the National Evaluation and Certification Centre, which has exactly these tasks and which must also fulfill the mandatory verification requirements for ICT products set out in the PSNC (National Cyber Security Perimeter) and in the Golden Power. If it is true that 2023 ends with the unfortunately usual increase in attacks, it is also worth underlining a different positioning of the defensive side, both governmental and private, at the Italian and European level. We survived a difficult year, not only because of the foiled attacks, but above all because of a cyber security market still polarized by multinational consultancy companies. These companies use subsidies from their headquarters to hire anyone with cyber skills, at very high grades and salaries, effectively hindering the natural and indispensable growth of cyber skills within Italian SMEs, which certainly cannot afford the same pay levels for their staff.

On the other hand, large Italian companies and Critical Infrastructures are more prepared, and will remain so for the foreseeable future; they have in fact formed what is and will be the critical mass of the country's resistance against cyber attacks. The work that awaits us in the new year, concludes Franchina, is therefore to focus on SMEs and the Public Administration. To do so, it is essential to work on spreading skills, on training technical personnel and not just managers, and on building capabilities that allow these organizations to set up strategic security structures rather than relying on piecemeal technological fixes.

Alessio Aceti is CEO of HWG Sababa, one of the fastest growing Italian cyber security companies on the market, which also operates in various countries and pays constant attention to Research & Development. For Aceti, attackers will increasingly exploit IoT devices (objects and machines with integrated sensors and software, connected to the network) in two ways: within botnets, i.e. networks of compromised devices called “zombies” that attackers then use to carry out attacks on third parties, and to remain “persistent” inside the victim's network, so that they can then choose the time and method for launching more profitable attacks.

The issue to consider is that IoT devices, such as cameras, access control systems, videoconferencing systems and many others, are almost never managed by an organization's IT managers. Attackers are therefore aware that these new “doors” are less well guarded on the security side and, at the same time, that these systems are advanced enough to have access to the company network, so that they can be used to exfiltrate data or organize a ransomware attack (malicious software that makes all the victim's files no longer accessible). This is why some topics that are now well established for IT will become, in the next year, a necessary focus for IoT systems: device life cycle management, vulnerability management, and identity and privileged access management. It is precisely in light of these risks that the transposition of the new NIS 2 Directive comes into play. Through it, the European Union aims to improve IT security within its perimeter by promoting high standards, extended to newly covered entities, in order to protect digital infrastructures from cyber threats and guarantee the security of European citizens' personal data, involving not only companies and institutions but also their supply chains.

For Aceti, another interesting scenario that will have a significant impact in the near future is that of smart mobility and smart cities. The digital cities of the future will bring many advantages for citizens, but also new risks. In fact, we will see an increase in cyber attacks in this area. The evolution of increasingly connected cities will inevitably bring to the fore the need to protect essential services from potential attacks by cybercriminals. In addition to electricity and water networks, public transport and smart mobility infrastructure will be among the main targets of cyber attacks. It is therefore essential for local administrations to change paradigm and to think about the security of these ecosystems from the first phase of implementation, not once the systems are already active on our roads.

Finally, there is the much-discussed impact of Artificial Intelligence, a topic on which HWG Sababa has created a unique and innovative system: a Security Operation Center (SOC) capable of keeping pace with the development of new threats and increasingly complex cyber attacks. In essence, it is an advanced operations room that integrates AI with generative algorithms intended to transform the decision-making process, communication with the business and threat management. This will allow existing cyber security processes to evolve, improve detection (the identification of attacks), automate threat hunting activities (the search for potential cyber threats before they arise) and, in the medium term, replace first-level analysts, who will be able to focus on activities with greater added value. The use of AI in the cybersecurity sector will be the necessary evolution to counter increasingly pervasive attacks and will allow us to address a greater number of threats in a practical and effective way.

Finally, for Lior Tabansky, Head of Research Development of the Interdisciplinary Cyber Research Center of Tel Aviv University, with over twenty years of experience in cybersecurity, the mobile phone is the new endpoint, the critical connection point with the external network. The principles of “Zero Trust Security”, according to which no network perimeter is trusted and every transmission must be authenticated before it can be made accessible, will increasingly gain ground within public and private organizations. As they do, the security of mobile devices, through which every person, regardless of profession and social or cultural level, now conducts their vital and decision-making processes, will become the area that most needs to be made harder to penetrate.

This is therefore an area that is entirely about the use of technologies for managing personal data flows, where security is based entirely on trust but where many “partners” are involved, first of all the giants Google and Apple and now also OpenAI. These are technological giants who, because of their business methods, will attempt to exercise significant control over our daily activities, increasingly in conflict with the legal powers of individual countries. This is also why we will see the growth of browsers and navigation systems offering more reliable security and confidentiality, while organizations that are more mature in terms of cyber security will increasingly seek further innovations to gain significant control over the overall mobile edge. Geopolitical aspects are grafted onto this scenario of conflict between extra-state powers in the field of technologies and data, from the ongoing physical conflicts, which are unfortunately characterizing this beginning of 2024, to the potential ones: all the great world powers will try to have their own specific area of influence, action and business within cyber space as well.