First CYBSEC-EXPO fosters collaboration to combat evolving cyberthreats
With AI-powered cyberattacks on the rise and ransomware payments skyrocketing, this brand-new event brought together industry leaders to share knowledge and advance cybersecurity protection across a broad range of sectors from manufacturing to healthcare.
The inaugural CYBSEC-EXPO, held alongside Pipeline & Gas Expo at Piacenza Expo in Italy (29th-31st May 2024), drew a combined audience of 2,500 visitors, with some travelling from as far as the Middle East and South America. The initial feedback was positive, and exhibitors reported valuable networking opportunities with participants of both events.
The co-location stemmed from cybersecurity concerns voiced by participants at the last edition of Pipeline & Gas Expo in 2022, following the high-profile ransomware attack on Colonial Pipeline in the USA in 2021. An exhibitor survey at Pipeline & Gas Expo 2024 underscored this concern. Nearly a quarter of respondents reported experiencing cyberattacks, and almost 90% identified cybersecurity as a major industry challenge. Furthermore, two-thirds expect increased cybersecurity investments within their companies over the next two years, with the holdouts citing their recent implementation of new defence measures.
Not solely focused on the pipeline and gas sector, CYBSEC-EXPO's conference programme emphasised the importance of cybersecurity across all industries - including logistics, manufacturing, and healthcare - to ensure operational continuity, avoid financial losses, and protect people from harm.
Securing connected and autonomous vehicles
The CYBSEC-EXPO conference programme commenced with a focus on the evolving security landscape for connected vehicles. Truck manufacturers DAF and IVECO discussed securing over-the-air software updates for industrial vehicles - crucial for safe and reliable operation with features such as telematics, remote diagnostics, and even autonomous driving. In the same session, Gianenrico Griffini, a journalist at Allestimenti & Trasporti, presented the cybersecurity challenges of Freightliner's 2027 rollout of self-driving trucks in the USA, focusing on theft prevention and public safety.
Protecting operations and reputations in the port sector
Also in the logistics sector, a panel discussion featuring port operators and maritime services companies explored how robust cybersecurity not only ensures smooth operations but also acts as a competitive advantage. The panellists discussed how investing in cybersecurity can protect an organisation's reputation and build trust with clients and partners. SIET, an accredited certification body, reinforced this point in the exhibition area, highlighting the value of ISO 27001 certification for information security in demonstrating a company's commitment to data protection and proactive defence against disruptive cyberattacks.
National defence in the evolving cyber threat landscape
The conference also addressed the evolving cyber threats faced by nations and how they are shaping defence strategies to protect sensitive information, military systems, and essential services. Statistics revealed the staggering global cost of cybercrime, estimated at $8.15 trillion USD in 2023. This figure - greater than the GDP of all nations except the USA and China - underscores the urgency of cybersecurity for both economic stability and national safety and security. General Francesco Modesto encouraged young people to consider careers in this critical field, noting the exciting opportunities and competitive compensation offered by the Italian Armed Forces. Echoing this call for talent, ETLforma, an exhibitor offering customised cybersecurity training, reported a surge in demand from companies across various sectors also looking to improve cybersecurity knowledge within their organisations.
Understanding the NIS 2 Directive
Another seminar, sponsored by IT solutions provider GeDInfo, helped participants to understand their obligations under the NIS (Network & Information Systems) 2 Directive, a European Union law that aims to strengthen cybersecurity across member states. The NIS 2 Directive's provisions will be transposed into Italian law in October 2024, expanding the range of organisations impacted by NIS 1 and introducing more comprehensive requirements including risk management, supply chain security, and incident reporting, as well as stricter penalties for non-compliance.
Focusing on healthcare specifically, Carmine de Biase from Namiral discussed the implications of NIS 2 for the sector and presented a case study of how Namiral's multi-factor authentication solution secured access for a Bergamo hospital, balancing user convenience with robust security.
Overcoming ransomware, AI, and latency challenges
In the exhibition area, meanwhile, GeDInfo showcased its partnerships with leading cybersecurity brands Sophos, CyberSec Services, and Nakivo. Davide Benedetti, president of GeDInfo, emphasised the importance of leveraging best-in-class software from niche specialists to address the ever-evolving complexity of cybersecurity threats.
Ransomware remained a top concern. Massimiliano Catanzaro, sales engineer at Sophos, which specialises in managed detection and response services, provided statistics on the rise of ransomware payments - jumping from an average of $1.5 million USD in 2023 to $3.9 million USD in 2024. In partnership, Andrea Orsucci from backup and recovery specialist Nakivo emphasised the need for rapid data restoration to minimise downtime after an attack.
The conversation then shifted to emerging threats. Giulio Scaccabarozzi, business developer at Novasystem, discussed the rise of AI-powered cyberattacks, facilitated by the accessibility of large language models like ChatGPT. However, Novasystem is also harnessing the power of AI for security purposes, using tools such as SLING for third-party risk monitoring and AimBetter for real-time diagnostics. Similarly, fellow exhibitor CyLock is leveraging AI in its Extended Vulnerability Assessment product, trained on data from Italian hackers over the past two years.
Alessandro Solari, CEO of Naquadria, which shared an exhibition stand with CyLock, highlighted the growing need for edge data centres. As cities become increasingly digitalised and generate more data, Solari envisions each city requiring its own edge data centre, networked to a larger central facility. This localised processing would minimise latency - crucial for applications such as real-time data analysis for autonomous vehicles.
Addressing growing threats to OT
CYBSEC-EXPO 2024 concluded with a focus on industrial cybersecurity. Micaela Caserza Magro, president of G.I.S.I. (the Association of Italian Instrumentation Companies), led a panel discussion addressing the 20-25% annual rise in cyberattacks on operational technology (OT) systems used in manufacturing, power generation, and transportation. She emphasised the importance of raising awareness about these growing threats, particularly with regard to the increasing digitalisation and automation within industrial processes and vulnerable legacy systems. Drawing a parallel with the earlier adoption of functional safety measures, Magro stressed that cybersecurity must follow suit as an essential and integrated element of industrial operations.
"We're thrilled with the positive response to the inaugural CYBSEC-EXPO," says Fabio Potestà, director of Mediapoint & Exhibitions, the company behind CYBSEC-EXPO and Pipeline & Gas Expo. "Bringing together leading industry professionals, academics, and government representatives, the event has embodied the spirit of collaboration, and we hope it has equipped participants with the knowledge and resources they need to protect their organisations in the digital age. We look forward to continuing these conversations and expanding on CYBSEC-EXPO as a platform to help create a more secure future for everyone in the years to come."