Cyber attacks on companies, organizations and institutions have increased by 300% since the start of 2022. While effective defense depends on technology, it is, above all, a question of awareness and skills. This topic was the focus of the "Systemizing cyber defense: a policy that can no longer be postponed” conference, and was co-organized by SACMI and Yoroi (Tinexta Group), a national cybersecurity player. The latter is a key SACMI partner, helping develop the cyber resilience strategy the company applies both internally and in relations with its partners, customers, consultants and suppliers.

First and foremost, as the speakers emphasized, is the need to extend cybersecurity strategy beyond the organization itself to include its extended relationships. Why? Because hackers are particularly good at identifying ‘indirect’ system flaws. These might consist of an employee-partner who accidentally releases sensitive data on mixed-use devices (e.g. simply by checking a personal e-mail account on the company PC) or a supplier without any real cybersecurity strategy who is therefore vulnerable and could potentially ‘infect’ the main organization.

“This is a crucial topic”, stated the President of SACMI, Paolo Mongardi, who opened the meeting, “especially since the advent of Industry 4.0 with its interconnected manufacturing machines and systems”.  With such a data-driven business model, in fact, a solid strategy for protecting and managing data itself within ‘smart networks’ is a must.  SACMI aims to apply best practices in this field, especially as regards the vast world of small and medium-size enterprises.

 “All too often, organizations take action when the damage is already done”, pointed out Michele Colajanni, lecturer at the University of Bologna and a leading national expert on the subject, “an approach that’s obviously ineffective. Management has to take charge in ‘peacetime’, put together a cybersecurity strategy and implement it at every level of the company”. That means a top-down approach based on the assumption that “we’re all someone’s suppliers or customers”. And, given the ever-closer integration between OT (operation technology, machines) and IT (information technology, computer systems) levels, IT security also means physical security.

Another special guest at the conference was Luca Nicoletti, Head of Industrial Programs, Technology, Research and Training at the Italian National Cybersecurity Agency, set up two years ago and fully operational since 2022. “We’re a bit behind other countries”, explained Nicoletti, “but that gives us an opportunity to observe their best practices and act accordingly. A significant boost will come from the post-Covid National Recovery and Resilience Plan, which has allocated some €600 million, and European programs such as the Digital Eu Program and Horizon EU, with over 100 billion euros allotted for 2021-2027”.

So how is SACMI's cybersecurity strategy in detail? And how is it applied in day-to-day company practices? Marco Corsi, SACMI chief information officer, and Francesca Merighi, SACMI cyber security officer, explained: “The cybersecurity team was set up in 2017”, said Corsi, “and since then has, on one hand, focused on securing IT infrastructure (networks, systems, data) and endpoints (PCs, tablets, smartphones supplied to employees and partners). On the other, it’s concentrated on defining and integrating “security procedures and cyber risk training/awareness programs for group employees”.  “More recently, we’ve focused on security at production sites and on our plants, plus security measures for our products and services”, illustrated Francesca Merighi.

Marco Corsi and Francesca Merighi also underlined that, from an organizational perspective, SACMI has instituted an internal cyber team, which operates in close collaboration with Yoroi’s external Security Operation Center. The latter responds to cyber attacks 24/7 and pinpoints any technical or organizational vulnerabilities, also by running ‘preventive’ security simulations.
“Control of strategy and the actions to be taken in the event of a threat remains with the company”, pointed out Marco Ramilli, CEO and founder of Yoroi. “What we provide is technical analysis, specifically designed to keep pace with the continuously evolving methods of the hackers themselves”. Cybercrime is becoming increasingly sophisticated, and the company is perfectly positioned to study it as "Yoroi currently controls approximately 200,000 workstations”.

The end of the meeting also saw a simulated cyber attack, which confirmed something important: at least 50% of the IT risk depends on the ‘human factor’, that is, on poor cybersecurity awareness among individual employees, collaborators and partners. Hence, as the speakers concluded, the pressing need to treat IT risk as a ‘corporate operational risk’ and invest in the relative skills.