A recent study by Surrey University showed that cybercrime is not only an illegal practice that exploits the internet, but has also become a proper economy that generates 1.5 trillion dollars of income every year. The Washington Research Institute identified Italy as one of the 10 countries most affected by cybercrime.
An Italian newspaper described 2018 as a terrible year in terms of cybersecurity, and 2019 does not look any better, given how accurate experts' forecasts have been.
Hacker attacks and data theft cost Italian companies around 900 million dollars per year. The fruit and vegetable sector is affected by this problem as well. We try to shed some light on the matter with attorney-at-law Gualtiero Roveda, advisor for Fruitimprese, who has been following the phenomenon for years.
FreshPlaza (FP): The 679/2016 EU Regulation about privacy, although cumbersome, made the companies more aware of cybersecurity. What are your thoughts?
Gualtiero Roveda (GR): Frauds are increasing. Cybersecurity has become a crucial element for companies, regardless of their size and sector.
FP: The fruit and vegetable sector is affected, as well. There have been numerous cases of companies hit by bank transfer scams.
GR: As transferring money digitally became a common practice, the spread of malware has been facilitated by the exchange of emails, which could be infected and therefore potentially spy on companies’ data.
FP: How does the fake IBAN scam work?
GR: These are the so-called ‘Man-in-the-mail’ or ‘Man-in-the-middle’ scams. In other words, cybercriminals hack the company’s communication system and can thus change the text or the attachment of an email. Unknowingly, the company sees an email from a supplier whose IBAN has been substituted, either in the text itself or in the attached invoice. The BEC scam (Business Email Compromise) is very sneaky. This is also called ‘CEO fraud’ or ‘Boss’s scam’: the employees receive an email communication from their boss (be it the CEO, the president or any other head figure) who asks for money to be paid via bank transfer. Of course, the reported bank account is owned by the cybercriminal.
FP: What are the defensive measures?
GR: The golden rule is to always personally check the veracity of the bank accounts, both in the case of a first transfer and in the case of a variation, and it is also crucial to make sure of the authenticity of the payment.
FP: What is the Cryptolocker malware?
GR: It is ransomware. The fraud is usually carried out through an email that infects the companies’ operating systems – oftentimes in bitcoins – for the decryption. The malware is contained in an apparently innocuous attachment. Usually, it is a fake electric bill or invoice which, upon opening, releases the harmful software.
FP: What is the situation in Italy?
GR: Recent research by Trend Micro illustrated that Italy is one of the countries most affected by ransomware. In 2019, according to the Kaspersky Lab analysts, companies should be particularly careful of their web hardware, as they will be increasingly hit by attacks aiming at blocking production to ask for a ransom. Usually, factories and productive plants are not as protected and prepared as the financial sector. The majority of fruit and vegetable companies have not yet adopted the necessary protection against the latest cyber attack techniques. Therefore, they are easy targets, especially in light of the fact that these companies cannot stop production.
FP: What to do, then?
GR: Be aware of the danger. Also, it is important to point out that phishing is still the most efficient technique for criminals to access companies’ data. They can recover passwords through calls (vishing), SMS (smishing) and even through fax.