It was held in Rome in October Cybertech Europe 2024an event that focuses on cybersecurity, created in collaboration with Leonardoin which numerous companies participated. What emerges is that cybersecurity is changing its face: if in the past it has always been considered a topic by experts, now that digitalisation has reached very high levels in various fields, it is now increasingly an essential component of any activity that leverages digital. In summary, a cultural change is necessary to face the challenges of digital transformation, in any field.
But what do the protagonists of the sector think? We have gathered the opinions of some of the key players.
Sophos: Pay attention to the supply chain
“We see more and more vulnerabilities in the supply chain, and we have seen a substantial increase in victims in Italy”. He states it Ross McKercharCISO of Sophos, who has a very important task in the company: protecting Sophos itself from attacks. According to a survey carried out by the company, Italy is one of the countries most affected by supply chain attacks, so much so that 65% of the companies interviewed say they have suffered at least one breach.
McKerchar points out a worrying aspect: attack vectors are changing. “Historically, phishing was the main one” – states the CISO – “but now we are seeing other methods, such as exploiting vulnerabilities and attacks on VPNs and firewalls”. Techniques once used mainly by state-sponsored actors, but which have recently also been increasingly exploited by cybercriminals. Targeting the supply chain is a very effective approach: large companies can count on large budgets and highly skilled staff, unlike SMEs who are their partners or suppliers. But what can the “big” do to protect themselves? According to McKerchar, the solution is not (just) to carry out security audits, but rather to ask questions to the actors who populate their supply chain, to investigate to understand which companies are most at risk of a cyber incident. And from here make a selection to understand if there are partners at risk, with whom to interrupt relationships, or push them to improve their security posture.
In this respect, Sophos offers tools to companies to help them independently verify whether their infrastructures present critical vulnerabilities. But the CISO also highlights an often overlooked detail: thinking that if no vulnerabilities are found, then it is a safe company. This is incorrect, according to McKerchar: the truly safe companies are those that update and install patches frequently, and who communicate this with transparency. Because, upon closer inspection, no one can define themselves as totally safe, but they can work to constantly improve their state. Sophos itself knows that there could be bugs in its solutions, and for this reason it has activated a bug bounty program that offers $80,000 to anyone able to find a critical vulnerability in its systems.
Another topic we discussed with McKerchar is that of responding to ransomware: what should you do if you are a victim of this malware? “It takes creativity. But also the ability to recognize attacks and react immediately. Even with expert advice”. Internally, IT security experts are not always necessary, who can be called upon as needed to react, but it is necessary to have a plan, especially communication. Because when ransomware activates, communications are interrupted: emails don’t work, and it’s difficult to coordinate. This is why it is important to immediately know who to call in case of emergency, without having to search for the contact within your IT systems.
McKerchar also highlights how the entry into force of NIS 2 will push many large companies to pay more attention to the realities that are part of their supply chainand in some cases they could also support them in improving their security posture. And what we will see in the coming months/years will probably be a greater demand for SOC as a service: “Companies will understand that they need an expert, and with the entry into force of NIS 2 they will find themselves having to hire them. Those who do not have the budget to equip themselves with internal skills will necessarily have to rely on a service of this type”.
Trend Micro: AI enters cybersecurity
Second Alessio AgnelloTechnical Director for Italy of Trend MicroAI will be a key tool in the fight against cybercrime. And the company, in fact, already integrates it into its solutions, in various ways. Starting from the protection of AI data centers of large companies, using AI algorithms accelerated by NVIDIA GPUs. Because these realities “they often need to protect the sovereignty of their data”, and therefore they do not rely on AI models in the cloud, but rely on infrastructures controlled by them.
Trend Micro also uses AI to simplify the work of SOCs, letting algorithms analyze alerts from security solutions, speeding up analysis and saving time for human operators.
Agnello also highlights the growth in the use of wall AI by attackers, who exploit it to create extremely credible audio-video deep fakes, capable of deceiving even an expert. Because of this Trend Micro provides tools that can evaluate whether content is real or generated by AI. These tools are available not for the business world, but also for consumer users.
In addition to using AI to protect, Trend Micro is also committed to protecting AIa topic that will be increasingly important, because LLMs can be abused. Attackers target LLMs to modify their responses to make them incorrect or malicious. For this reason we have a solution capable of controlling access to solutions such as Microsoft’s Copilot, Google’s Gemini, Meta’s LLM LLama and more.
Another theme not to be underestimated is that of secure VPNswhich are increasingly abused, also thanks to remote working. “VPNs may include some vulnerabilities, and attackers try to exploit them. For this reason we have developed technology that masks VPNs, so as not to expose the service online”.
On the topic of multi-factor authentication, Agnello advises not to convince yourself that they are inviolable. Of course, they are very safe, but even with difficulty, an attacker could be able to overcome this barrier too. For this reason he recommends also implementing other solutions, based on artificial intelligence, which are capable of analyzing behavior and identity: “see where a user authenticates from and at what times”, so as to immediately identify any suspicious activities.
Trend Micro’s view on NIS 2, which goes into effect in October? According to Agnello, the companies that were already interested in the previous NIS will arrive ready for the appointment. Many others who find themselves facing the issue for the first time, however, will not be able to comply immediately: it will take more time.
Focus on DORA and NIS 2 with Palo Alto
Since 17 October, NIS 2 has been in force, a series of European standards that indicate the minimum levels of safety for companies operating in critical sectors, and which also involve the companies that operate along their supply chains. Are companies ready? “According to recent research by Palo Alto Networks and IDC, only 28% of CISOs in EMEA and LATAM regularly test their incident response plans”, he says Michele LamartineRegional Vice President Italy, Greece, Cyprus & Malta of Palo Alto Networks. “Strict regulatory requirements and the possibility of sanctions for non-compliance could push companies to maintain a cautious approach to cybersecurity, which is not appropriate behavior in a world where the threat landscape is rapidly evolving and becoming increasingly complex. For example, enterprises may choose to employ established legacy technologies at the expense of newer, AI-based detection systems that may instead offer more precise and personalized threat identification. Adopting a more innovative approach would allow you to not only protect yourself today, but also prepare for the future”.
But NIS 2 is not the only European cybersecurity directive. DORA, a regulation that affects companies operating in the financial sector, will also come into force in January. And which, according to experts, is much more complex. “The entry into force of the new regulation will place the financial sector in a complex situation, called upon to prepare on various fronts, including becoming fully aware and able to implement the useful safeguards to be able to face the exponential increase in risks and threats connected to digitalization of services”, underlines Lamartina. “Critical for financial institutions will be the achievement of digital resilience, a fundamental step to ensure constant compliance with the new regulatory framework. Financial organizations will increasingly come under scrutiny from regulators, with some expressing concerns about its potential impact on innovation and competitiveness, as well as compliance costs and operational disruptions during implementation and deployment. alignment with existing cybersecurity frameworks. The maturity and complexity of each financial services company’s governance will impact how it complies with regulations. For example, companies with a lower maturity profile and a lower competitive advantage in the market may have to invest more resources to meet their requirements. This is because, unlike their more mature counterparts, they often do not possess the necessary internal cybersecurity skills, and relationships with potentially strategic suppliers and partners are also in the development phase”.
On the topic of AI, Palo Alto is also integrating it into its solutions. Specifically, the company’s technology is called Precision AI“a proprietary innovation that combines the best of deep learning and machine learning with the accessibility of GenAI for real-time”, says Lamartina.
“We can offer AI-powered security that can anticipate adversaries and proactively protect networks and infrastructure. Our Precision AI allows us to change the cards on the table and create a new paradigm in security in which – perhaps for the first time – the defender has the advantage over the opponent. We offer AI technologies capable of countering AI and combating the risks associated with the dangerous use of artificial intelligence, providing the Precision AI Security bundle which offers advanced security services, such as Advanced URL Filtering, Advanced Threat Prevention, Advanced WildFire and Advanced DNS Security, powered by Precision AI, leverage inline AI to prevent sophisticated web-based threats, zero-day threats, command-and-control evasion attacks, and DNS hijacking attacks”.
Source: edge9.hwupgrade.it
