Personal data protection, Italy second in Europe for violations: the 10 biggest threats for users and companies


(Finance) – January 28 is the European day for the protection of personal data, the Data Privacy Day, which aims to raise awareness among people, companies and institutions of the correct use and storage of data.
The importance of the campaign is underlined by very worrying data: according to a recent report by DLA Piper, since 25 May 2018 (date of entry into force of the new European GDPR regulation), Italy is second in Europe for the number of violations, with 83 interventions by the Guarantor Authority (Spain leads with more than 250 penalties, followed by Romania with 57), and is in third position for overall fines, at almost 80 million euros.

“Sensitive data is a strategic asset, but in Italy we are still a long way off from creating a culture of data compliance value: the evolution of IT infrastructures must evolve from cybersecurity to cyber-resilience”, underlines the expert Jacopo Tenconi, GDPR Specialist at Primeur, an Italian multinational specialized in data integration.

Returning to the European scenario, at the top of the ranking of sanctions are Luxembourg and Ireland, nations where renowned multinationals of online commerce and social networks are based: in the small Grand Duchy the highest fine in the history of the European Union was imposed, worth 746 million euros. Overall, 2021 saw a real boom in sanctions: fines in the Old Continent reached 1.1 billion euros, an increase of 600% compared to the same period last year, when violations totalling 158.5 million euros were recorded. The scenario on data breach reports is no better: the number of violations involving access, modification, deletion or unauthorized disclosure of personal data exceeded 130 thousand in Europe in the last year. This is a daily average of 356 reports, an increase of 7.5% compared to 2020 data. Italy is growing twice as fast as the European average: the report identifies 1,782 data breach violations in the last 12 months, +13.2% compared to the 1,574 indicated in 2020 (Germany leads with over 40 thousand notifications, followed by the Netherlands and Poland).

The entry into force of the European GDPR regulation has radically changed the scenario regarding privacy and the management of sensitive data: companies and institutions must comply with strict rules on the management of personal data, which may include the obligation to notify authorities of breaches by hackers within 72 hours of discovery. But why is Italy still so far behind in Europe? According to Simone Bonavita, professor of Treatment of Sensitive Data at the University of Milan, a twofold reflection must be made: “On the one hand, the Italian Privacy Guarantor has members of proven ability who are very attentive to the protection of the interests of the community and has undertaken a series of awareness-raising activities on issues related to the protection of personal data. On the other hand, many companies perceive privacy as an ‘unnecessary burden’ rather than an opportunity for process optimization. Optimizing a process means increasing productivity, and this efficiency function of privacy represents a paradigm not well known in Italy. Furthermore, many Italian companies lack an approach, in terms of privacy and security, that is attentive to the process rather than the task.”

It is a constantly evolving scenario that alarms companies above all. Cyber risks are the main cause of concern for businesses in 2022 with 44%, according to the Allianz Risk Barometer, and have outstripped supply chain difficulties, natural disasters, climate change and the evolution of the pandemic. “Now the question that IT departments must ask is not whether there will be cyber attacks but when they will arrive and how it will be possible to limit their impact on the company business”, says Tenconi. “Recent changes have created an unprecedented cyber addiction and hackers are seizing every opportunity to exploit the vulnerabilities of organizations to prepare for new cyber attacks.”

What are the 10 biggest cyber threats users will face in 2022?
Social Engineering – This type of cyber attack studies people’s behavior and interactions online and then deceives those same users with the aim of stealing sensitive information, extorting money or stealing identities.
Ransomware – It is the threat that worries organizations the most: the digital device is infected with a malicious program that blocks access to documents and then demands a ransom. Recently the Lazio Region suffered a ransomware attack that sent various services reserved for citizens into a tailspin, including the portal dedicated to vaccination.
Cryptojacking – The new frontier of cyber scams. This attack uses the electronic device to mine digital currencies without the owner’s knowledge. Unlike other threats, the goal is not personal information but the use of another person’s computer to perform digital mining operations and accumulate cryptocurrency.
Smishing – The evolution of phishing. More and more threats travel through text messages: usually these are messages from fake credit institutions or post offices asking for personal financial information such as an account number or credit card number.
Bot – It is a network made up of several PCs infected with malware that is used to send harmful emails containing spam or viruses, or aimed at stealing personal data. With the increase in smart working and the simultaneous use of home networks with work devices, these attacks are back on the agenda.
BEC, Business E-mail Compromise – This type of attack allows hackers to access a company email account and pretend to be its owner, with the aim of scamming the company itself or its suppliers/partners with credible emails that appear to come from an authoritative interlocutor.
Robocall – Incoming calls from automated systems are on the rise: this type of phone call is used more and more by telemarketing companies, but in some cases the calls aim to fraudulently obtain the user’s data in order to activate unsolicited contracts without their knowledge.
Deepfake – It is a technology based on artificial intelligence which, by superimposing faces onto real people, makes it possible to falsify videos, creating highly realistic images and footage. This type of scam is used by hackers above all to blackmail other people, especially in the personal sphere.
Spyware – It is malware that is downloaded to an electronic device without the user’s permission and steals user data to sell to advertisers and external companies. It is capable of infecting devices via malicious apps, links, websites and email attachments.
SIM Swap – The “phone card swap” scam is an identity theft in which the criminal manages to obtain the victim’s personal data: through a fake report, the SIM is duplicated, so the scammer can start operating the victim’s home banking, receiving on his own mobile phone the notifications needed to authorize the operations.
