Cybersecurity: Beyond governance, more professionals and more information

(by Davide D'Amico, member of the AIDR Board of Directors and Director of the Ministry of Education) In recent days there has been a lot of talk about cybersecurity, which has come to the fore both for the organizational structure and for attacks suffered by various Italian companies including November Enel, Luxottica and Campari. Furthermore, even the colossus Leonardo from what the press says, it seems that he has suffered several data thefts but it seems that we do not know what was actually stolen / copied. This must make us reflect on the national strategy that needs to be addressed to protect, for example, data security. In this sense, the GDPR has marked a regulatory path, which contributes to effectively manage vulnerabilities and threats, but which must necessarily follow an implementation logic that is still too often formal and not very operational.

The goal must be to build an ecosystem of rules, processes and technologies that creates a balance between the need to protect citizens, public administrations and businesses, the latter, not only the large ones, but also those that make up the Italian business fabric. of SMEs, and which ensures, at the same time, the adoption of new technological approaches that are innovative and also with a certain level of risk, which is nowadays necessary to remain competitive.

In practice, it is necessary to be able to protect the strategic assets of our country, among which the corporate ones deserve particular mention, taking into account the continuous acceleration to which new business opportunities are moving.

Beyond the governance that the policy will want to define and activate, it is necessary to quickly ensure information and dissemination of the culture of cybersecurity aimed at anticipating the possible risks associated with the different types of cyber attacks, differentiating the activities to be implemented on the basis to the various recipients, whether they are citizens (individuals, families, parents and children), SMEs, large companies and public administrations. We need to increase financial resources in the cybersecurity sector and make people understand the importance of investing in training professionals in the security sector. Suffice it to say that the unemployment rate in this sector is zero and, while the demand for security professionals and experts continues to grow, the number of people with the skills and experience necessary to fill these positions is currently very low. .

This scarcity of skills available in the security sector, on which it is important to reflect in order to curve a greater number of dedicated training courses both at university and post-university level, also highlights the current need for the related professional profiles to play a non-essential role. more strictly technical, but broader and more strategic, which guides the growth of companies, supporting organizations to take risks (appropriately mitigated) in the use of new technologies, ensuring full compliance with the security of the data and information processed.

Today we as a country cannot afford to neglect the cybersecurity sector. Everything that surrounds us is increasingly immersed in digital, from our homes, where home automation is gaining ground, to the automotive sector, but also in the energy and health sector, everything is increasingly digital and invaded by sensors and intelligent actuators and the risks associated with safety profiles are innumerable and often underestimated. We cannot wait any longer, we need lean, operational and competent governance, more training of professionals and more information and a culture of safety for citizens, public administrations and small, medium and large enterprises!

Cybersecurity: Beyond governance, more professionals and more information