Security Summit Streaming Edition 2021 ended last week.

Organized by Clusit, the Italian Association for Information Security, and Astrea, an agency specializing in the organization of events in the field of Information Security, Security Summit is the event dedicated to promoting the culture of Cyber Security in Italy.

The November edition focused on current events: between data and analysis of new threats, the Clusit experts also explored the new role of the Intelligence and Defense of the Country System, with some of the protagonists of the political and security world that accompanied the birth of the National Cyber Security Agency.

In particular, during the plenary session on the first day of November 9, 2021, the Clusit Report on ICT Security in Italy in its October 2021 Edition was presented with our data on cyber attacks.

In the first half of 2021, we analyzed 1,053 cyber attacks, 24% more than in the same period of 2020, for a monthly average of 170 serious attacks (it was 156 in 2020).

Attacks carried out for Cybercrime purposes increased by 21%, which today represent 88% of the total.

Attacks related to Information Warfare are also growing (+ 18%), the so-called “information war”, while those related to Cyber Espionage activities apparently decrease (-36.7%), after the extraordinary peak of 2020 mainly due to espionage related to the development of vaccines and treatments for Covid-19.

Among the victims, the “Government” category represents 16% of the total and is confirmed in first place, as in the previous semester, while in second place we find Health, (13% of total attacks).

Attacks on the Transportation / Storage (+ 108.7%), Professional, Scientific, Technical (+ 85.2%), News & Multimedia (+ 65.2%), Wholesale / Retail (+61, 3%), Manufacturing (+ 46.9%), Energy / Utilities (+ 46.2%), Government (+ 39.2%), Arts / Entertainment (+ 36.8%), Healthcare (+18.8 %).

Attacks towards the “Multiple Targets” category decreased (-23.4%), which makes us understand the change of strategy by the attackers who at this point prefer targeted attacks and towards well-identified targets.

In the first half of 2021, attacks on European-based realities increase significantly: a quarter of the attacks are in fact directed towards this area (+ 9% compared to 2020).

The percentages of victims in the American area (almost half of the classified attacks) and those belonging to Asian organizations remain substantially unchanged.

On the other hand, serious attacks on targets with offices distributed in different countries decrease in percentage (16% in the first half of 2021, compared to 24% in 2020), which, once again, makes us understand how much attackers prefer to target more defined targets.

Malware is the most used technique, accounting for 43% of the total (up 10.5% over the previous year).

Unknown techniques (“Unknown” category) are in second place (+ 13.9%), surpassing the “Vulnerability” category, which is growing worryingly (+ 41.4%), and “Phishing / Social Engineering”, which is slightly down (-13%).

In essence, attackers can still rely on the effectiveness of Malware, produced industrially at decreasing costs, and on the exploitation of vulnerabilities, to hit two thirds of their targets (59% of the cases analyzed).

Furthermore, in the first half of 2021 attacks with very important and critical effects are 74% of the total (they were 49% in 2020), while 22% have a significant impact and only 4% low.

Basically, from the trends highlighted in the first 6 months of this year, it is evident that cyber attacks are constantly increasing, both in terms of frequency, criticality and impacts.

The situation can be defined as a global emergency: the losses due to damages caused by Cybercrime amounted to $6 trillion in 2021 and now account for a significant percentage of world GDP.

We hope that the new investments for the digital transition will represent an opportunity for Italy to catch up and fill its gaps also in the Cyber Security field, to lead to a significant reduction of the surface of the country’s attack.

Otherwise, the risk is to introduce new but insecure technology, with the result of worsening the Italian situation overall.