  • Giacomo Breda and Mauro Norton Rosati di

Cybersecurity and Trust. New security tools


The Italian economy is made up, in the vast majority, of a galaxy of small and medium-sized enterprises in which dedicated IT staff do not exist, for structural or turnover reasons. In many of them computers are used in a promiscuous way, servers reside in unprotected places, nobody knows how many and which computers can connect to the network, and company data such as production methodologies, innovative projects and the customer book are stored there. This galaxy of enterprises is the backbone of the Italian economy and the basis of Italian production chains, the architects of national production. At the same time, these companies represent an important risk for the large companies in the production chain, as cyber-criminals enter the systems of large companies through vulnerabilities in small and modest suppliers. Raising the security levels of small and micro businesses is a fundamental step for securing production chains. This increase is particularly important at a time of strong digital transformation of the industrial sector (Industry 4.0), which will increase the integration among the companies belonging to a supply chain, thus increasing the probability of an attack. We are now witnessing a continuous increase in cyber attacks that are becoming increasingly complex. These attacks exploit a combination of human and technological vulnerabilities that allow cyber-criminals to enter an organization. Cyber-criminals do not attack only banks and large multinationals: a large part of their turnover is in fact achieved by attacking tens of thousands of medium, small and micro enterprises completely unprepared to deal effectively with the threat. The criminals block the operations of these companies and then ask for a ransom, steal their assets or data, or spy on their business strategies. This puts the very survival of the company at risk.
However, many of these attacks exploit trivial vulnerabilities in the company's information systems or a lack of awareness of the problem among internal staff. The spread and complexity of cyber attacks on companies, governmental institutions and financial institutions underline the need for well-organized responses. Cyber attacks are transversal, affecting both the public and private sectors, and the corresponding responses require the involvement of different entities, such as regulatory authorities and judicial authorities. According to a study on Information and Communication Technology (ICT) in the banking sector developed by Abi Lab (the research and innovation center promoted by Abi, the Italian Banking Association), the management and mitigation of cyber risk and the security of online payments are today two absolute priorities for Italian banks, which are focusing an important part of their technology investments on these areas. Important investments are also going into the strengthening of internet and mobile banking services, artificial intelligence, new forms of assistance and interaction with the client, integration between channels, the digitalization of processes and documents, and the blockchain. These aspects are accompanied by a strong focus on data governance (the new general regulation on data protection), but also by a commitment to the modernization of core banking and the adaptation of infrastructure. To make the responses as effective as possible, sharing information between entities is essential. One of the greatest benefits of sharing information is that its cost is much lower than that of collecting the information individually, and support for such sharing can take advantage of various legal or contractual instruments, such as consortia, consortium companies or the network contract.
The difficulties mainly concern the protection of the information exchanged, the violation of legal restrictions, the risk of disclosing sensitive information, the lack of interoperability and the lack of trust among the entities involved. The techniques used for the secure sharing of information benefit from the enormous amount of results coming from both the IT and legal research fields. However, many aspects remain only partially resolved or even unresolved. The greatest challenges for the secure sharing of information in the immediate and medium term include greater integration and synergy between technological solutions and legal instruments that develop awareness and a culture of security. For this reason, banks and those who are professionally responsible for the protection and conservation of data face the problem of protecting company assets from any violation of legal restrictions and from attacks on sensitive information. The Italian legal framework lacks a qualified, flexible tool to protect corporate assets (production, commercial and banking, but non-profit too). Such a tool can be found in the Trust: an Anglo-Saxon institution whose main effects are the "segregation of assets" and the management of a trust fund in favor of certain beneficiaries or for the achievement of a purpose of social, cultural and trade interest; tout court, a "Charitable Trust". With certain legal expedients, and following international regulations and specific applications, it is feasible for the subjects now "institutionalized" by law to establish a Trust, specifically set up so that their corporate assets are safeguarded against a risk that is not only economic but also one of economic and civil liability connected to the violation of privacy.

This is a translation made by the authors. Original article appeared on the Agenzia Stampa Italia website on 6 September 2018.



© 2017-2020 by  AIS Consultants LLC