Cyber attack: set up an information security management system
How many times have you been the victim of a cyber attack?
If you think you haven't, you may have been an unwitting victim, and by now your sensitive data may already be available on the network to anyone who wants to make criminal use of it.
Virus, malware and phishing are terms most people now know, and many of us have recently been victims of attacks of this kind.
On February 9th the "Safer Internet Day" was celebrated, a day established by the European Union in 2004 and dedicated to raising awareness of the risks involved in using the Internet.
Among the main themes proposed there is also privacy and data security: one objective of the project is to give internet users information that allows them to prevent attacks of this kind, through the use of specific programs, but also by sensitizing users to keep a careful eye out when they receive emails from strangers, when they receive invitations to connect on social networks, or when they visit non-institutional web pages.
Internet user awareness and education are important, but a big job must also be done by the companies that offer data and information services and that operate (who doesn't by now?) on the Internet.
A report on ICT security in Italy in 2020, recently published by Clusit, the Italian Association for Information Security (founded in 2000 at the Department of Informatics of the University of Milan and now representing over 600 organizations from all sectors of the country), has highlighted that cyber attacks did not stop during the Covid-19 pandemic. On the contrary, they increased, exploiting the vulnerability of networks, also due to smart working, and conveying false information to end users at a time when our attention was turned to other things and we were therefore less careful and more vulnerable.
What should companies do to try to limit attacks and information loss?
All companies that make data a cornerstone of their business must adopt behaviors that limit the possible loss of data and information: they must adopt an information security management system.
This particular modus operandi has been standardized in ISO 27001, whose first version was released in 2005 and which contains the requirements for setting up and managing an information security management system.
The standard, which has been updated over the years to the current 2017 version, aims to protect data and information from threats of all kinds, in order to ensure their integrity, confidentiality and availability, and to establish a system for risk management and for the protection of information and business assets, including IT assets.
The standard can be applied by any type of company or public entity, since it is independent of any specific business, organization or purpose.
The case of The ID Factory is an example of this: it is a company that has developed and made available software for the fashion supply chain, and it collects a huge amount of data and information from the supply chains of fashion brands.
This standard, like the better-known ISO 9001, is voluntary and has only recently become a requirement for companies that want to work with public administrations.
In the private sector, on the other hand, a certain propensity to apply this standard has been noted among companies that want to anticipate the future requirements of their clients and among those that want to give their clients peace of mind in a particularly sensitive area.