Monday, April 29, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Siae will defend itself with Leonardo against hackers

3 years ago babelfish

Siae will defend itself with Leonardo against hackers

After the cyber attack suffered, Siae will rely on Leonardo to enhance cyber security

Siae will rely on Leonardo for its cyber security.

After the "data breach" attack, claimed by the Everest group last week , the Society of Authors and Publishers ran for cover.

Attackers exfiltrated some 60 gigabytes of data and demanded a ransom to prevent publication. The attackers asked the company for a ransom of 3 million in Bitcoin in order not to spread the data on the dark web. The documents stolen are 28 thousand.

On 21 October, Siae, "on the basis of the evidence gathered to date, informs its associates, principals, employees, users of the repertoire that a criminal group has copied certain files present in the Company's document system, mainly pdf files".

"In addition, have been put in place other rafforzative security measures with the involvement of leading cyber security companies like feedback" has made it known in the known widespread Society of Authors and publishers.

And from 22 October there will also be Leonardo, "a company of absolute level and undisputed ability – continues the note – in the management of security incidents, recovery and protection activities, able to support Siae in dealing with the particular criminal capacity of the attackers , already known to the police ”.

In the meantime, on that very day, talking with Roberto Baldoni, director of ACN on the occasion of # Spazi2021, the title given to the 36th Conference of Young Entrepreneurs of Confindustria, the president of Leonardo Luciano Carta Leonardo spoke about the cyber attack on the Siae. Corriere Innovazione reports it .

Carta then pointed out "SIAE also had a perimeter that should have protected it from attacks, but it was not enough".

In 2020, the company implemented a new IT security system “significantly more performing than the previous one. The service is active 24 hours a day and includes the monitoring and management of the infrastructure, together with some services that guarantee SIAE a high level of security against the most advanced cyber threats, both proactively and reactively ", reads a report by Siae. .

All the details.

THE EXFILTERED DATA

As Siae itself communicated on 21 October, the company is therefore “continuing to evaluate the effects of the access undergone. It should also be noted that unfortunately the attack involved files relating to different types: personal data; contact details (email, telephone numbers); bank details (IBAN); data reported on identity documents and data reported on the SIAE membership forms relating mainly to the years 2019 and 2020 ".

DESPITE THE IMPLEMENTATION OF A SOC H24 SECURITY SERVICE

Yet just a year ago, the company had “implemented a SOC / CSIRT (Security Operations Center / Computer Security Incident Response Teams) security service. This service, active 24 hours a day and consisting of Monitoring and Management of the Security Infrastructure together with some advanced services such as CSIRT, Threat Intelligence and Software Analysis, guarantee Siae a high level of security against the most advanced cyber threats, both in proactive and reactive modalities ”reads the report to Parliament on the Company's report for 2020.

THE NEW IT SECURITY SYSTEM

As stated in the 2020 Management Report , "thanks to the SIEM (Security Information and Event Management) system, the SOC SIAE is able to detect" anomalies "in IT systems by sending alarm messages in real time to a 24-hour operational center which proceeds timely analysis and resolution of the threat. The processes and operating procedures of interest for safety management have been defined and integrated and are maintained with a view to continuous improvement ".

THE MAIN COMPONENTS

“The main components of which the new security system is composed are the following: SIEM Splunk: management and monitoring system for Security Incidents; Firewall Checkpoint: monitoring and control of incoming and outgoing traffic on the basis of established security policies; Forcepoint web content filtering: Category-based web browsing control and dynamic content analysis; Forcepoint Antispam: Detects spam and phishing by blocking advanced threats such as ransomware before they begin to act. It also integrates specific advanced malware analysis for inbound protection, content filtering for outbound data control; Trendmicro Scanmail: Blocks malicious emails, providing real-time protection and email reputation services; Trendmicro Antivirus: antivirus management on SIAE, Agent and Server workstations ".

WHAT THE SIAE WILL DO

Yet the new cybersecurity system was not enough.

Also in the statement of 21 October, the company led by the general manager Gaetano Blandini, announced that "all interested parties will receive timely information on the specific data concerning them as soon as Siae has finished the analysis of the content of all the individual files".

ENGAGE FEEDBACK AND LEONARDO

After that, SIAE added that it had hired Leonardo and Feedback as consultants to solve the problem.

THE POSITION OF LUCIANO CARTA, PRESIDENT OF LEONARDO

Finally, Leonardo himself spoke on the issue of cyber security, citing the Siae case.

"SIAE also had a perimeter that should have protected it from attacks, but it was not enough", pointed out the president of Leonardo.

After that Luciano Carta noted that "Involving not only the public sector, but also digitally-savvy companies, universities and research centers in a collective effort, which will never come to an end, like the Sisyphean effort, but which will bring much further away, if faced together ".

“Once we were faced with specific enemies – recalled President Carta -. Today the complexity of an increasingly digitalized, connected and automated world has instead pushed us to defend ourselves from attacks by unknown persons ”.

Finally, Leonardo's president recalled that in Europe, after Spain, Italy remains the most attacked country. «On the other hand, we have only been activated for a short time», concluded Carta, “while in France and Germany they were pioneers in activating certain systems twenty or even thirty years ago. And smartworking has dramatically expanded the platform that can be attacked ".

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/la-siae-si-difendera-con-leonardo-contro-gli-hacker/ on Mon, 25 Oct 2021 23:38:57 +0000.