In the last few days, Italian online services and sites, including the websites of the Senate and the Ministry of Defence, have suffered a cyber-attack from a group of Russian cybercriminals. Vittorio De Luca, from Studio De Luca & Partners said:
“Cyber-attacks are a daily occurrence and no one can consider themselves safe. Attacks on institutions cause a stir, but for years hundreds of companies suffered daily attacks from cybercriminals. These attacks have a considerable impact on productivity and lead to data theft, service disruption and image damage. Robust cyber security is essential to protect a company’s knowledge assets and ensure business continuity. GDPR requires small and large companies to conduct a survey of their cyber risk exposure and the impact they could have on their business. An “incident” response plan must be prepared, security policies and measures to protect the IT system must be adopted. There must be periodic audits. It is essential to raise employee awareness on cyber security through training sessions, so that they can recognise and deal with the various threats. Protection from cyber-attacks takes place in two phases – prevention and protection. If there is a successful attack, companies must inform the data protection authority, and initiate a data breach procedure within 72 hours of becoming aware of the violation.”