IT security: how to carry out the risk assessment

IT Risk: some figures

The latest report, published in March by Clusit (a well-known Italian observatory on security issues), leaves no room for doubt. Against a generalized increase in cyber attacks worldwide (the most serious ones against companies and institutions went from 1550 in 2018 to 2490 in 2022), Italy suffered as many as 190 last year, an increase of 168% compared to the same survey in 2021. A figure that may appear modest at first glance, but it represents only the cases in the public domain: the tip of the iceberg of a much vaster and more hidden phenomenon (often concealed by the victims themselves, who do not want to add reputational damage towards customers and commercial partners to the economic damage already suffered), whose gravity has grown exponentially in the last three years.

Data on cyber risks

Why Risk Assessment Is Fundamental

This situation makes it increasingly essential to know the exposure to cyber risk, even in companies that, due to the type of business or the data they manage, had not until now been prime targets for cybercrime. This is accomplished with cyber risk assessment surveys tailored to the company and periodically repeated, to deal with the emergence of new types of threat or with changes in company processes or digital media. From the risk assessment, indications are obtained for implementing effective mitigation measures: from simple updates to the configurations of network equipment, to the acquisition of new hardware or security software, through to the training of people. The time when acceptable levels of defense could be guaranteed with standard firewall and antivirus components alone is gone forever.

Putting Risk Assessment into Practice

The essential points for the assessment of cyber risk concern the analysis of the IT infrastructure, networks, interconnections with online and cloud services, and policies for accessing applications and data. The assessment also needs to evaluate the capabilities of existing firewalls, VPNs, endpoint protections, and application software against exploits and the new attack methods used by cybercriminals. An effective assessment must also go beyond the technical level, examining people and processes in the ways best suited to the type of company and its business sector. BinHexS has the experience to carry out complete and effective risk assessments in the most diverse business areas, and it complements this with security consultancy, infrastructure building, and services that improve operational resilience and ensure business continuity.
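To make the "indications for mitigation measures" concrete, here is an added example (not code from the article or from BinHexS) of a minimal risk register scorer: it takes an asset inventory covering the areas listed above (internet exposure via firewall/VPN, data sensitivity, patch status, access policy) and ranks assets so that the most exposed ones get remediation first. The likelihood-times-impact scoring on a 1 to 5 scale, the thresholds, and the `Asset` fields are assumptions chosen for illustration; the inventory is constructed sample data, not a real company's.

```python
"""Added example: a minimal cyber risk register scorer.

The scoring method (likelihood x impact on a 1..5 scale) and the field
thresholds are assumptions of this example, not a method described by the
article or by BinHexS. The asset inventory below is constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    internet_facing: bool          # reachable from outside the perimeter
    handles_sensitive_data: bool   # personal, financial or contractual data
    unpatched_days: int            # days since the last security update
    mfa_enforced: bool             # MFA on remote and administrative access


def likelihood(asset: Asset) -> int:
    """1..5: how plausible it is that a known attack method succeeds."""
    score = 1
    if asset.internet_facing:
        score += 2
    if asset.unpatched_days > 90:
        score += 2
    elif asset.unpatched_days > 30:
        score += 1
    if not asset.mfa_enforced:
        score += 1
    return min(score, 5)


def impact(asset: Asset) -> int:
    """1..5: how much a compromise of this asset would hurt the business."""
    score = 2
    if asset.handles_sensitive_data:
        score += 2
    if asset.internet_facing:
        score += 1
    return min(score, 5)


def risk_score(asset: Asset) -> int:
    return likelihood(asset) * impact(asset)


def rating(score: int) -> str:
    """Qualitative band for a likelihood x impact score (assumed thresholds)."""
    if score >= 15:
        return "critical"
    if score >= 9:
        return "high"
    if score >= 5:
        return "medium"
    return "low"


def mitigations(asset: Asset) -> list[str]:
    """Map the findings behind the score to the kind of measures the article lists."""
    actions = []
    if asset.unpatched_days > 30:
        actions.append("apply pending security updates")
    if not asset.mfa_enforced:
        actions.append("enforce MFA on remote/administrative access")
    if asset.internet_facing and asset.handles_sensitive_data:
        actions.append("review firewall/VPN exposure and segment from the internal network")
    if not actions:
        actions.append("no immediate action; re-assess at the next periodic review")
    return actions


def assess(inventory: list[Asset]) -> list[dict]:
    """Return one row per asset, highest risk first."""
    rows = []
    for a in inventory:
        s = risk_score(a)
        rows.append({
            "asset": a.name,
            "likelihood": likelihood(a),
            "impact": impact(a),
            "score": s,
            "rating": rating(s),
            "mitigations": mitigations(a),
        })
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed sample inventory (hypothetical assets, not real systems).
SAMPLE_INVENTORY = [
    Asset("customer-portal (web)", True, True, 120, False),
    Asset("hr-fileserver", False, True, 20, True),
    Asset("office-printer", False, False, 200, True),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_INVENTORY):
        print(f"{row['rating']:8} {row['score']:2}  {row['asset']}: "
              f"{'; '.join(row['mitigations'])}")
```

Running it ranks the internet-facing, unpatched portal without MFA as critical, the long-unpatched but isolated printer as medium, and the well-maintained file server as low. Re-running the same scorer after each mitigation, or after a change in the inventory, is what the periodic repetition described above amounts to in practice.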