In the last year, with the exponential growth of smart working, hacker attacks on both private and public entities have increased dramatically. Among the sectors at risk is the public administration, which has never been at the highest levels when it comes to cybersecurity. This was also highlighted in the document of the National Center for IT in Public Administration entitled «First Report on the State of ICT Security of CAPs».
In recent years the situation has improved greatly, partly as a result of the various regulations aimed at mitigating the problem of cyber security, but to date we are still not prepared to face the real risk that PAs run in terms of privacy.
What are the risks?
The risks of a cyber attack on PAs may concern:
- Deprivation or theft of information
- Blocking of services
- Alteration of authoritative levels
- Destruction of control and monitoring systems
These risks can materialize through:
- Malware infection
- Cyber attacks
- Credential/identity theft
- Degradation/interruption and destruction of service.
Often, unfortunately, the weak link in the chain is the ordinary employee, who is not adequately trained on cyber security issues. Precisely for this reason we need not only adequate technologies but also a culture of security. While much emphasis has been placed on the culture of digitalisation, little has been done to raise awareness of the risks it entails. Cyber security has always been handled with a «technical» approach, but without teaching how to prevent those risks. In practice, it is like giving a driving license without teaching the rules of the road.
What the legislation provides
As established in the various Three-Year Plans for IT, public administrations should have a specific activity on ICT security issues. The Plan in force, Piano 2020-2022, has a dedicated chapter: the obligations of the public administration for the protection of personal data should be coordinated with the management of cybersecurity, to avoid duplication, misalignment of activities and, in any case, weaker risk management.
But an important element is that security in public administration is not an option: European legislation on the protection of personal data requires specific and rigorous security measures, with heavy penalties for non-compliance; the so-called EU NIS Directive and the related Security Perimeter require services to be protected with adequate security measures, with obligations on internal supervision, and in this case too at the risk of high sanctions.
