IT security in Italy: analysis of the Clusit 2024 Report

The Clusit Report 2024 – Introduction

Cyber ​​threats are increasingly numerous and we need to keep up with them it has become a real challenge. Technology evolves rapidly and, as a result, attackers' tactics are also refined.

To prevent any cyber attacks, companies need to have a detailed overview of the digital world.

It was born for this reason the Clusit Report, a precious tool that offers an annual analysis of security incidents more meanings occurred globally, with particular attention to Italy.

Let's see in detail the data which reports the Clusit 2024 Report.

Growth of cyberattacks in Italy compared to the global average

In the Clusit 2024 Report, different types of attacks were considered for analysis. Between main attack techniques analysed, they are distinguished: 

• Malware: In 2023, this technique was the most widespread, accounting for 36% of attacks worldwide. 
• Vulnerability exploits: These attacks made up 18% of the global total, marking a 76% increase from 2022. 
• Phishing and Social Engineering: These methods accounted for 8% of attacks worldwide. 
• DDoS (Distributed Denial of Service) attacks: These have seen a notable increase, with a 98% increase globally. In Italy, DDoS attacks accounted for 36% of all incidents recorded in 2023, overtaking malware for the first time. 

The data collected by Clusit refer only to serious accidents e they are limited to public sources, with the consequence that the resulting photography it is indicative and statistically significant, but it still remains partial compared to the phenomenon as a whole.

In 2023 were recorded in total 2.779 serious accidents entered the public domain. This represents a del% increase 12 compared to the previous year, with a monthly average of 232 attacks.

Italy has been hit from 11% of global attacks, with a total of 310 serious attacks and with an increase of 65% compared to 2022.

These trends highlight the need for a more coordinated and robust approach to cybersecurity, emphasizing the importance of investments in technologies and skills to counter the growing threat of cyber attacks.

Most used attack types in Italy in 2023 and in the world

From Clusit Report 2024 has emerged that the most used types of attacks globally are: Cybercrime, Hacktivism, Espionage/Sabotage and Information Warfare.

• Cybercrime: 84% of attacks globally have been attributed to cybercrime, with over 1.160 cases recorded in the first half of 2023.
• Hacktivism: Attacks attributable to hacktivism are growing by 8%.
• Espionage/Sabotage and Information Warfare: These types of attacks are decreasing and represent 6% and 2% of the total respectively.

In ItalyInstead, the most used attack types I'm:

• Cybercrime: It represents 64%.
• Hacktivism: It represents 36%.

Sectors most affected in Italy

The data that emerges from the analysis of the distribution of victims of attacks in the period 2019-2023 is that the most targeted category on a global level it is that of “Multiple Targets”, which includes attacks not targeted at a specific sector.

The sectors follow: 

 - Healthcare Logistics: This sector has undergone an increase which has raised numerous concerns regarding the protection of sensitive patient data, seriously putting their privacy at risk.

 - Financial/Insurance: The increase in this sector leads to fear potential exfiltration or loss of banking data, damage to reputation o interruptions to the services offered to customers.

The categories most targeted in Italyinstead, they are:

• Government: represents the Present in several = 19% of attacks. Government institutions they handle a vast amount of sensitive data, such as citizens' personal information, financial and strategic data, which could be breached.
• Manufacturing: represents the Present in several = 13% of attacks. This is an alarming fact, since manufacturing represents an essential part of the Italian economy.

Because Italy is an easy target for cyber attackers

Italy is an easy target for cyber attackers for several reasons:

• Limited technological knowledge: Many organizations in Italy have a limited understanding of cyber threats and security measures. Lack of awareness and training makes it easier for attackers to exploit vulnerabilities.
• Outdated security systems: Some infrastructures and organizations continue to use outdated or outdated security systems. These systems may be vulnerable to known attacks.
• International geopolitical context: Italy is at the center of geopolitical interests and may be subject to targeted attacks by hostile groups or nations.
• Lucrativeness of malware attacks: Malware-based attacks are particularly profitable for cybercriminals, making Italy, a country where defenses are particularly low, an attractive target for these illicit activities. 

What companies must do to defend themselves from cyberattacks

In the near future, cyber attacks they will be even more sophisticated and widespread compared to today. All companies, large or small, they have to take it seriously IT security e take preventive measures, as:

• Investing in training: Lack of knowledge about Cybersecurity leads to these being committed human errors. It is important, therefore, raise awareness among staff on the topic of IT security.
• Adopt advanced security solutions: The use of artificial intelligence e the adoption of a SOC they can revolutionize a company's ability to detect and respond to attacks.
• Use ZTNAs: ZTNAs represent a big step forward towards greater safety inaccess to company resources, ensuring its safety.
• Install a new generation firewall: A Next-Gen Firewall, Plus act as a barrier between an internal network and the outside, protects against intrusions, infections and fraudulent activities with advanced controls.
• Adequate security protocols: They allow you to protect communications, authenticate servers and ensure the confidentiality and integrity of online data.
• Continuous updates: It's important keep software packages updated used in the company to reduce as much as possible the presence of vulnerabilities and security holes that can be used to violate systems.

Conclusion

In summary, in Clusit 2024 report highlights a negative trend compared to what was recorded a year ago and, in this result, it stands out precisely our country, unfortunately not by virtue. 

THEItalyIn fact, appears backward from a digital skills point of view and the index bears witness to this DESI of the European Commission, In which Report 2023 positions us quarter last out of 27 in the basic digital skills category and last for graduates in ICT subjects.

La global vision which offers the Clusit 2024 Report helps businesses of all kinds to have a detailed overview of cybersecurity incidents, so that they are constantly informed and prepared to any cyber attacks.

If you want to best protect your company from cyber attacks, request a free consultation with our Experts.

Keep reading…

• 
  Microsoft Copilot: the AI ​​that increases work productivity in Office 17/04/2024
  Copilot, Microsoft's new generative AI, is designed to optimize productivity in the daily tasks carried out with the Microsoft 365 Suite. Thanks to its advanced artificial intelligence, Copilot offers assistance and suggestions to improve efficiency and simplify operations within the Microsoft ecosystem.
• 
  IT security in Italy: analysis of the Clusit 2024 Report04/04/2024
  Cyber ​​threats are increasingly numerous and we need to keep up with them it has become a real challenge. To prevent any cyber attacks, companies need to have a detailed overview of the risks of the digital world. It was born for this reason the Clusit Report, a precious tool that offers an annual analysis of security incidents most significant events that have occurred globally, with particular attention to Italy.
• 
  DORA regulation and IT risk: the article by Distline's Compliance Manager published on Cybersecurity36019/02/2024
  The renowned newspaper Cybersecurity360 published an article written by us Compliance Manager entitled "DORA and cyber risk: automation of the evaluation process of ICT service providers”.
   
• 
  Distline is certified according to ISO 9001 and ISO/IEC 27001 standards06/11/2023
  In Distline we are committed every day to providing high quality, secure, reliable and innovative IT services to meet the needs and expectations of our Customers.
  This is why we are proud to announce the certificazione of our Quality and Information Security Management Systems according to standards ISO 9001. e ISO / IEC 27001! A very important stage in our process continuous improvement.
   
• 
  Why XDR is essential in 202310/07/2023
  XDR is a Cybersecurity technology that extends the ability to detect and respond to emerging and sophisticated threats by analysing and correlating data from different security products.
  In a landscape where cyber attacks are increasingly targeted, you need to have a global view of cyber threats in a single interface. In this way, you don't need to use many platforms.
  In the following article we will explain in detail what XDR features are and why it is a tool that Distline strongly recommends.
• 
  How to recognise phishing emails18/04/2023
  Phishing is a hacking technique that consists in fraudulently tricking unsuspecting users into sharing their account credentials. However, it's often possible to recognize phishing emails by paying attention to some details and recurring topics. In this article we explain in detail how to recognise a phishing email, how to protect yourself and what to do if you suspect you are the victim of an attack.