Cyber 4.0 Roadshow – report on the second leg

Foligno – November 25, 2022

Confindustria Umbria, Foligno Territorial Section,

Sviluppumbria Conference Hall, Via Vici, 28 – Foligno

Background and introduction

The Cyber 4.0 Roadshow, the initiative to bring the SME environment closer to the world of Cybersecurity, had the Umbria Region as its second stop.

The series of events, organized with the DIH Confindustria, Sistemi Formativi Confindustria and LUISS Guido Carli system, is aimed at informing representatives of Small and Medium Enterprises about the cyber threats they are potentially exposed to, and at examining defense priorities, current initiatives, the tools available to defend themselves and the support that, in this context, the Cyber 4.0 Highly Specialized Competence Center can provide.

The work day was divided into two sessions:

  • Technical, during which a simulation of different modes of cyber attack was carried out, directly involving the participants of the event, thanks to the support of “white hat” hackers, consultants of Confindustria Training Systems. Following the cyber attack simulation, it was possible to learn more about some countermeasures and solutions for cyber incident prevention and response;
  • Managerial, focused on the compliance and organizational aspects that characterize the cybersecurity process in the SME context. Interspersed were talks by experts in the field who reviewed current cyber risks applicable to SMEs and descriptions of the main and best tools for defining and governing cybersecurity.

The day was characterized by the presence of experts and specialists in different disciplines of the ICT and Cyber area, which allowed interesting multidisciplinary insights. Particularly stimulating was the presence of students from the local ITS – Higher Technical Institute, who, together with representatives of SMEs, interacted with the experts present, stimulating an extremely educational discussion.

The current cyber risk landscape is constantly evolving: the probability of experiencing a cyber attack and having to manage its impacts is increasing day by day. This is a direct consequence of the increasing digitization of processes, in both service and production (OT – Operational Technology) settings.

Participants and experts agreed that the key action to decrease cyber risk is prevention, both through the adoption of appropriate IT Security infrastructure and, most importantly, through the growth of solid skills within the individual organization: cybersecurity is a true business process in which the so-called Human Factor is absolutely essential.

This is evidenced by the simulation shown live by IT consultants from Sistemi Formativi Confindustria: through the spoofing technique (a cyber attack that employs identity spoofing in various ways), a man-in-the-middle attack was simulated (a cyber attack in which someone secretly relays or alters communication between two parties who believe they are communicating directly with each other), which allows the attacker to intercept and manipulate Internet traffic on the local Wi-Fi network. This is a particularly insidious threat because it is absolutely silent: every action performed within the local network through any device connected to it can be monitored by an attacker, who, with appropriate additional Social Engineering techniques on the chosen target, can eventually enter the individual device and steal all kinds of information.

Spoofing is a technique that can be used to falsify various information, such as the identity of a host within a network or the sender of a message. It is particularly effective for gaining access to confidential information and user credentials.

The first tool of defense against cyber attacks, then, with particular reference to social engineering attacks, which are among the most prevalent among SMEs, is the identification and assessment of the risk applicable to one’s own context, together with cybersecurity training. But before that, to build an organization marked by a cybersecurity culture, leadership must be aware of the risks and opportunities that adopting a cybersecurity framework may bring to the company: those who do not comply risk being cut off from the supply chains of large organizations, which are paying more and more attention to the issue in order to ensure the cybersecurity of their entire supply chain.

The need for increased attention to OT security issues was again noted: the spread of IoT devices is an impetuous and unstoppable process. Alongside undoubted productivity and automation benefits, however, this evolution brings with it obvious cybersecurity issues. A focus on IT security that forgets OT security is decidedly ineffective. In this regard, it is specified that Cyber 4.0 provides special training in OT Security, dedicated to various business roles, and will organize events dedicated to this area during 2023.

To learn more about the training opportunities made available by the Cyber 4.0 Competence Center, you can contact the center directly.

Among the guidance tools on cybersecurity dedicated to SMEs and made available by Cyber 4.0 is the methodology used by the Competence Center so that SMEs can know their weaknesses and guide their investment choices: the Cybersecurity assessment.

The day ended with a farewell until the next leg of the Roadshow, to be held in L’Aquila, Abruzzo, on December 16, 2022.