The danger runs on the internet. Every year the cyber attacks are on the increase more and more. The 2022 was theworst year for cybersecurity with 2.489 serious accidents globally. and theItaly has now become a central goal Some hackers. Over the past year they have occurred in Italy 7,6% of the total attacks (against 3,4% in 2021) and 83% of these cases turned out to be serious.
These are some of the data from Clusit 2023 report published by the Italian Association for Information Security (Clusit).
Constant growth of cyber attacks
Over the past 5 years, the situation has worsened clearly, following an almost constant trend. Comparing the numbers of 2018 with those of 2022 the growth in the number of attacks detected was of 60% (from 1.554 to 2.489) with the monthly average of serious attacks globally increasing from 130 to 207. Medium severity (severity index) of these attacks has drastically worsened. Part of this deterioration is also due to the conflict between Russia and Ukraine which broke out during the year.
Analyzing cyber incidents in 2022 we note that the main attacks remain those with cybercrime purposes, which were over 2.000 globally, i.e. the82% of the total (+15% compared to 2021). Therefore, the economic implications, linked to the widespread diffusion of ransomware attacks today, remain at the center of the thoughts of cybercriminals.
The other types of attacks also grow, all reaching their maximum: espionage activities e sabotage (11% of the total), information warfare (4%) activism actions (3%). According to Clusit data, between 2021 and 2022, due to the Russian-Ukrainian war, Information Warfare and Hacktivism grew by 110% and 320%.
The sectors most affected by cyber attacks
I Multiple Targets (multiple targets) are back to the main victims (22%), an increase of 97% compared to 2021. The Health it is the second sector most affected by cyber attacks with a percentage of the total of 12,2%. Follows the government sector and public administrations (12%) which over the course of five years has seen an overall increase of 25%.
The data shows that cyber attacks decrease in all types with the exception of Financial, Manufacturing and News and Multimedia. The category Financial sees an increase of one point (8%) compared to 2021 and 2020 (7%). Probably this factor depends on the spread of cryptocurrencies, which encourages attackers to explore this new possible source of “income”. The sector manufacturing sees a steady increase from 2% in 2018 to 5% in 2022 probably due to the growing diffusion of the IoT and by the trend towards the interconnection of industrial systems, which are often not sufficiently protected.
Il most affected sector in Italy in 2022 it is instead that governmental, with 20% of the attacks, followed by the sector manufacturing (19%). Also in Italy the greatest growth, year by year, is seen in the "Multiple Targets" category (+900%).
America most affected region, attacks on Europe are growing
Reading the data geographical distribution of the attacks we have a snapshot of how digitization varies in the world and which countries defend themselves best. L'America it remains the most affected region (38%) even if the number of victims decreased by almost 7 percentage points compared to the previous year. Instead, the data grows in Europe (24%) which almost doubles compared to 2018 (13%). decreasing theAsia from 12% in 2021 to 8% in 2022. Stable oceania (2%) and Africa (1%).
The preferred techniques for cyber attacks
Il 64% of accidents they have as a cause "clumsy" actions, users or ICT staff. Sending malware remains the preferred attack technique, used 37% of the time. Among other main techniques grow the Phishing/Social Engineering (12%, up 52%) and the exploitation of Vulnerability (12% excluding the component of attacks based on the so-called "0-day"). Shooting increase for attacks DDoS (4%) with a variation of +258% and the multiple techniques (+72% annual percentage change), by virtue of the more complex nature of the attacks.
In Italy the most used cyber attack is the one by means of malware which represents 53% of the Italian total and in the sectors where it affects has a impact serious or very serious in 95% of cases. Compared to the rest of the world, however, the attacks of Phishing need SOCIAL ENGINEERING, equal to 8%, while the percentage of accidents based on remains worrying known vulnerabilities (about 6%).
In the Report there is also space for institutional events, which affected in 2022 i individual citizens and SMEs, well highlighted by the contribution of the Postal and Communications Police: they are accidents which individually, cannot be defined as important or highly visible but which nonetheless show a trend in huge growth which is becoming increasingly worrying: only in the province of Milan, in 2022, the number of reports of scams and computer fraud by number of inhabitants is second only to those relating to traditional thefts. “It is therefore essential that the School, the University, public and private entities work in synergy to develop a culture of safety that it is part of the wealth of knowledge of all citizens, starting with the new generations” he says Gabriel Faggioli, President of Clusit.
Evolve the approach to cybersecurity
Commenting on the data, the President of Clusit declared the need for a “evolution in the approach to cybersecurity guided no longer by normative drivers, but by risk assessment and management processes for the business, designed to adequately calibrate investments on the basis of real needs". In a world where, in 2023, some organizations still have an approach to cyber security based on the "for what I do who wants to attack me", it is a "fundamental fact to understand how each organization must have its own specific strategy contrast to attacks and containment of accidents” comments Faggioli also hoping that in Italy “institutional initiatives are also supported by individual companies and public administrations, with a view to public-private collaboration, through the establishment and evolution of suitable processes security monitoring, incident management, crisis management, and SOC services, among others”.
In preface on the report (p. 6) there is written la hope of the president by Clusit for the future of Cybersecurity in Italy: Lots of small defenses don't make a big defense. We need economies of scale and the sharing of experiences, skills, resources. It's difficult, especially in a country as divided as Italy, but it can be done".
THU to download the Clusit 2023 report.
