The riskiest and least controllable part, when we talk about Cyber Security, is the human factor. Information security isn't just cybersecurity, and everyone devices are vulnerable. So how do companies protect themselves? You put the information into the system, you understand the 'weaknesses' of a company and you act accordingly.

A bit like he did IBM in his project with Arneg, a company in the retail sector that gave its testimony yesterday, October 21, at the second appointment of “Wine for Thought - A glass to savor the future”, the event organized by Crclex and Blum in collaboration with IBM, Infocert and Sanmarco Informatica, which saw the discussion on cybersecurity ignite in the ancient bastions of Padua of the Massimago Wine Tower.

“On average, companies notice a cyber attack after 200 days,” he says. Giuseppe Puleo, Manager of Security & Privacy Consultants, Security Strategy, Risk & Compliance Services by IBM Italy -. It's like having a burglar in your house and realizing it after 200 days. We will never have 100% security, the risk will always exist. The Internet of Things will have many benefits, but we must be careful: all our devices are vulnerable. From baby monitor to pacemaker. It is necessary to think in terms of risk analysis: in its methodology, IBM follows particular digital areas that produce information that makes me understand and control anomalies, which may correspond to the “weaknesses” of the system. Understand the problems they face from the inside, understand what to protect, understand which are the actors that could exploit the threats.”

“For us, a problem has become an opportunity — he says. Claudio Canepa, Hi from Arneg -. In 2015, we were attacked three times by ransomware, a virus that encrypts your information and asks for a 'ransom' to get it back. This has led to reflection. Security was not as properly managed as we thought. These viruses have been inserted by a human factor, so such a problem cannot be managed at IT levels, but at the human level. From there, reasoning was born, which brought attention to security. The objective of our project was to find a tool that would allow us to manage a problem. We therefore chose to undertake a journey with IBM, which led to analyzing daily practices and bringing them to the system, understanding how to identify critical issues, and setting up a cybersecurity course in the company, to raise awareness of the problem and increase awareness of digital problems, remembering that Information security is not (only) IT security”.

“One of the most important steps for SMEs is to set up a system to manage,” he explains. Annagiulia Pedrazzoli, IT Security Consultant at IBM -. How do we do it? With the 27000, the standard that makes it possible to define the security management system. I'm finding a gap. What should I do to fill it? I create an intervention sheet and a roadmap, which includes a long-term investment plan. Once it's defined, I can tell if it stays standing. To create it, I have to understand the company, try to understand what is already there and how to improve it. Together we understand and build a process, to reduce accidents.”

Next appointment11 November, again at the Massimago Wine Tower for “Fintech and Digital payments — the impact of new technologies on business models”, in which they will intervene Gianluca Di Nunzio, Head of Legal Italy Spain and Portugal of PayPal, Walter Aglietti, Software Lab Director of IBM and Nicola Possagnolo, Managing Partner of Noonic.

‍