Believing our company is immune from potential IT attacks is both naive and very dangerous for the security of partners, suppliers, employees and customers. Let’s take a look at what happens when our company falls victim to an attack of this kind.
The three conditions of IT data
Let’s start with an understanding of the properties of IT data, which in order to be secure, must meet three conditions:
- Integrity: is the data inviolate? In other words, we must consider whether the data in our possession have maintained their initial form and characteristics. The only way we can do this is by verifying any permission given to make changes to them.
- Accessibility: for each item of information, there are individuals authorised to use it. When this possibility is removed, forcefully and unlawfully, we have a problem.
- Confidentiality: the confidential nature of the data requires verification. It is sufficient to consider whether our information is, rightly, reserved for those who have permission to use it.
When one of these points is compromised by an external activity, we have undergone an IT attack.
Some types of IT attack
Although it is of course impossible to imagine the full range of the endless scam operations that might be invented, we can maintain close control over the possible “access routes” criminals might use, based above all on the standard attack methods generally used.