eLearning courses: Cyber Security

What is CyberSecurity?

Cybersecurity is the practice of defending computers and servers, mobile devices, electronic systems, networks and data against dangerous attacks. Cyber ​​security is mainly focused on the protection of computer systems (computers, telecommunications networks, smartphones, etc.) and information in digital format from internal and, above all, external attacks. Other terms used alternatively and previously are IT security, ICT security, information security and information security.

Beyond the terminology, cyber security is a very practical discipline. It deals with protecting IT systems from concrete threats that have a significant probability of being realized, among the many that would be conceivable. In this, it can be seen as a risk management tool. The risks in fact are practically never null: the security measures are used to reduce the risks, almost never to eliminate them.

What are some examples of cyber attacks that require Cyber ​​Security?

The most common cases of hacker attacks are:

• Brute force attacks (brute force) and secure passwords: thousands of hackers try to penetrate websites and services on the internet every day, but they don't do it by hand, they use specialized programs that prove thousands, if not tens or hundreds of thousands, passwords per second, and they do it twenty-four hours a day;
• Phishing attacks: it's about convincing the user to use their credentials on a "fake" site, managed by the attacker, but which looks like the original one. Once the user has entered their private credentials they are "stolen" and used by the bad guys for other purposes;
• Ransomware (like Petya, Cryptolocker, WannaCry, etc.): these are hostile programs (malware) that, once installed on a company computer, encrypt the data files they have access to , so that the company is forced to pay a ransom to get the decryption keys.

What obligations do companies have to protect data and information?

The reference regulations for the protection of data and information (Standard EN IS0 / IEC 27001, European Regulation (EU) 2016/679, Legislative Decree 231/2001) impose a series of obligations for the companies that manage data and information, whether corporate, personal or customer, in order to ensure that the processing is carried out in compliance with the rights of all parties involved, with particular reference to the security and protection of data and information. Companies that manage data of any kind have a duty to preserve its confidentiality, integrity and availability, so that such information cannot be violated through Cybercrime attacks by unauthorized third parties.

What is the Cybercryme?

The cyber crime (or cybercrime) consists of a criminal activity, analogous to the traditional one but characterized by the abuse of information technology components (both hardware and software).

Cybercrime (whose ultimate purpose is to steal information, money, or both) causes losses in turnover, customers, reputation, additional costs not budgeted to solve the damage of the attacks: in some cases even the survival of the company itself. But also damage to the health of the workers involved.

How to protect yourself from CyberCrime?

Technically, the tools to protect yourself from CyberCrime are mainly two: abandon the simple password in favor of strong authentication mechanisms, and monitor accesses to detect anomalies. The two mechanisms can be put together to use only the password when it comes to "normal" accesses or for less critical operations, using instead strong authentication for anomalous access or critical operations.

What training do you do for cybersecurity?

Those who process data and information in the company must be prepared to deal with cybercrime from a special training course that gives them an overview of cybersecurity and an in-depth analysis of the risks and responsibilities in the processing of data and information through the use of IT devices.

This training aims to make the worker aware of IT risks, stimulating his active participation and the ability to recognize the different types of attacks to manage a first defense against cyber crime.

Who should do the training for CyberSecurity?

Training in Cyber Security must be aimed at all workers who use IT tools both in the office and in smart working mode. The topics of this training are the definition of the most common forms of attack and the analysis of users' wrong behaviors, which allow and encourage the implementation of computer crimes; civil and criminal liability arising from the processing of data and information; the penalties provided for in the event of failure to apply security measures; the presentation of good practices that the user can put in place to face these threats.