Manufacturing targeted in Italy but attacks on health care grow 83% over first half of 2023.
The centrality of the human factor.
From the cyber front comes no good news.
On the contrary, the war (because this is what it is all about) is more heated than ever and the enemy ever stronger. Clusit’s latest report, presented recently, draws a very bleak global landscape: 1,637 attacks (an average of 273 per month, compared to 230 last year and 139 in 2019) and confirmation, even for the first half of 2024, of the inexorable growth trend of cyber incursions around the world.
In the first half of 2024, the researchers showed a 23 percent growth in cyber security events over the previous six months, a figure they described as “worrisome,” especially when compared with the 2023 data, which had marked an 11 percent increase globally over the previous year.
The analysis by Clusit researchers looked specifically at the time frame of the last five years, showing an increase in attacks worldwide of 110% from 2019 to 2024; 13% of the attacks completed in the five years occurred in the first half of 2024. This is the highest number of incidents ever, well above the forecast trend line estimated based on the trend of the last five years.
As for Italy, in the first half of this year the report shows a slight decrease in the number of attacks compared to the same period in 2023, with a total of 124 events. However, the number of events is still very significant and continues to indicate an alert situation.
As in the rest of the world, critical attacks have been declining (8 percent compared to 13.5 percent in 2023), unlike high-severity attacks, which instead accounted for 50 percent of the total, up from last year and in line with the global figure.
“In the first half of 2024, the number of incidents suffered by our country is disproportionately high compared to our population and national GDP in relation to world GDP, which certainly deserves careful consideration and concrete mitigation actions,” said Andrea Zapparoli Manzoni, of the Clusit Scientific Committee.
Who is being attacked in Italy
In terms of the various sectors targeted, the manufacturing sector climbed the rankings and became the first victim, accounting for 19 percent of attacks (up from 13 percent in 2023). More than a quarter (28 percent) of the total cyber events targeting the sector globally involve Italian manufacturing companies, reflecting the peculiarity of our country’s economic fabric, the Report notes.
This is followed by “multiple targets” with 13 percent of attacks and the government, military and law enforcement sector with 11 percent of attacks. Transportation and logistics (11 percent), healthcare (9 percent), the professional/scientific/technical sector (8 percent) and NGO and trade associations (7 percent) are also particularly targeted. These are followed by the ICT and arts/entertainment sectors (both at 4 percent) and the financial/insurance sector, just above 2 percent.
However, according to Clusit, it is the Italian healthcare sector that is of the greatest concern when looked at from a time perspective. In fact, in the first half of 2024, incidents detected against this sector are comparable in number to those identified in the entire year 2023. The growth over the same period last year is 83 percent, confirming the worrying trend that sees a significant increase in cybercriminal attention to a particularly critical sector.
Translating data into real damage
Data, although they look like aseptic numbers, always hide very complex and also very human realities. In the case of cyber attacks, it is the 2024 Data Breach Investigations Report that translates the numbers on attacks into real-life consequences, calculating that an average ransomware attack costs organizations about $47,000. However, this assessment does not include the reputational and image damage, which is sometimes even more serious than the mere economic damage resulting from theft of money or ransom demands.
Another piece of information provided by the 2024 Data Breach Investigations Report, of fundamental importance to the analysis of the cyber crime phenomenon, is that two-thirds of breaches, internationally, and specifically in the Europe, Middle East, and Africa (EMEA) area, originate from an unintentional human action, i.e., a user making a mistake or falling victim to social engineering.
Yet another confirmation of how central the human factor is in the global cybercrime overview and how necessary it is to raise risk awareness and strengthen the digital posture of individual users.
Just as in other countries, authorities in Italy are also taking corrective action against a growing and worrying risk. In fact, new legislation is implementing the European NIS2 directive, created with the aim of improving the response of member states to cyber attacks.
It is estimated that in our country the legislation will directly affect 30 thousand to 50 thousand companies, with one-third of them in Central Italy and up to 6 thousand companies in Lazio.
A key focus of the regulations is training employees and management bodies to provide them with sufficient knowledge and skills to identify hazards and evaluate cybersecurity risk management practices.
A measure that, among other things, aims to put the human factor at the center of security procedures with a view to a real and strong security barrier against crime.
Training, however, to be effective, must not only be theoretical, but must involve continuous drills and training and, most importantly, must be built on the basis of the level of preparedness of each individual user.
Such training is undoubtedly the most effective guarantee to prevent attacks, data theft, business interruption, and economic and image damage.