ICT security in the digital transformation era
by Katia Valtorta, Dario Garante, Nicola Giannelli, Walter Sala, Marco Giani
Do organizations need digital security strategies?

The expansion of digital transformation and cyberspace, driven by the spread of the Internet of Things (IoT) and Industry 4.0, will increase the risk of cyber-attacks. Public and private organizations need to define strategies, organizational structures, processes and information-management practices capable of mitigating cyber threats, while remaining aligned with the security, confidentiality and traceability requirements needed for compliance with recent regulations.

The digital security need

Digital transformation is radically changing society and the international economy, favoring new political and social interactions, as well as new economic and commercial transactions. New technologies and initiatives, such as the Internet of Things (IoT) and Industry 4.0, are leading the evolution of “net” use, introducing new users and increasing the quantity and the types of data. The falling cost of network access and the increasing diffusion of broadband will boost internet traffic in the coming years: high growth rates between 2015 and 2020 are expected everywhere, with peaks of more than 40 percent in the Middle East and Africa. Cisco foresees a worldwide increase in monthly traffic, from 88.7 exabytes in 2015 to 194 exabytes in 2020 (CAGR 17 percent). The adoption of new digital technologies is expanding cyberspace and, consequently, the related risks.

The cyber risk

Cyber risk is the operational risk associated with organizations’ economic losses caused by the unavailability, loss of integrity or loss of confidentiality of data and/or information systems. Its origin can be accidental (e.g., shutdown of a server) or intentional (e.g., theft of sensitive data). In the latter case, cyber-attacks represent the main threat: mainly automated actions designed to disrupt, damage or hamper the normal operation of systems, networks or processes. A cyber-event, whether internal or external to the organization, can have various consequences, such as interruption of activities, reputation/image damage, dissemination/violation of confidential data, violation of intellectual property and legal actions. Cyber-attacks are carried out using “cyber weapons”: malicious software (abbreviated “malware”) specifically designed to damage or modify an information system.