Following the hacking of the new Italian PM Matteo Renzi’s website this week, I would like to take a look at cyber crime in my home country – Italy.
On 13th December 2013 Matteo Renzi’s website was hacked and taken down for 24 hours by a DDoS attack. A hacker called RenziHack AKA stole the usernames, emails, passwords and telephone numbers of 430,000 of Renzi’s political organisation’s members, including donors and supporters. The hacking of Renzi’s website resembles the 2012 attack on another political leader, Beppe Grillo. Before this, there were also several attacks on the websites of other members of political organisations.
In Italy the government sector was the most attacked in 2012, suffering 129 public attacks according to the Italian Information Security Association (Clusit) report. 32% of Italian cyber crime was directed at the government or political organisations, whereas 15% was directed at media and entertainment sources. Despite a large increase in internet usage in Italy, there is still a lack of awareness of the risks associated with poor information security. The Norton Cyber Crime 2012 report stated that cyber crime in Italy cost €2.45 billion in 2012 and that 62% of Italians have experienced cybercrime at least once in their lives.
In 2011, cyber criminals hacked the Italian National Computer Crime Centre for Critical Infrastructure Protection (CNAIPIC), stealing 8GB of secret documents and posting them on the internet. Below is a small picture of the files.
Italy has strong cybercrime laws and strict privacy laws and yet it is ranked as the country with the 7th highest incidence of cybercrime in the world. This is due to the level of government and political data attacked over the years.
In January 2013, the Italian government published its cyber strategy, the “National Strategic Framework for cyberspace security”. The first part of the document sets out current cyber trends, with reference to vulnerabilities, and the second part highlights measures to improve national cyber defence capabilities. The Italian government identified six strategic guidelines in order to develop the country’s preparedness and resilience. These strategic guidelines will work alongside 11 operational guidelines, which list high-level operational measures.
As the techniques used by cyber criminals to access companies’ financial information are becoming more advanced, they are also shifting their interest to government and political organisations’ information. IT Governance in Europe is the leader in information security and ISO27001 products and services, and highlights the necessary precautions for businesses to mitigate the cyber threat. ISO27001, for example, is a globally recognised framework that sets out the best practice for the implementation of an Information Security Management System (ISMS) to reduce organisations’ cyber risks. For further information on ISO27001, I would recommend downloading the free Information Security and ISO27001 Green Paper, which will increase information security knowledge for organisations that want to avoid cyber attacks. Additionally, if you would like to further your knowledge of ISO27001 and would like guidance on implementing the standard in your organisation, then read The Case for ISO 27001.