Blue safety locker on a digital screen

Navigating cybercrime and the importance of cybersecurity

Supply chain ransomware attacks are on the up, but leading industrial players such as GDM are one step ahead of the game and are attaching growing importance to cybersecurity.

Cybersecurity: a changing landscape

On July 2, 2021, Kaseya Limited - an IT solutions developer for Managed Service Providers (MSPs) - fell victim to a supply chain ransomware attack. Kaseya urged its clients to shut down their remote monitoring and management systems to prevent threat actors from distributing ransomware through the software. But it was too late. In the end, 50 direct customers and up to 1,500 businesses downstream were compromised by the attack[1][2].

Today’s cybersecurity landscape is changing at neck-breaking speeds. As new attack vectors, actors, regulations and directives come into the fold and the number of critical failure points increases, it is hard for companies to keep a handle on the situation. 
And the COVID-19 pandemic has hardly helped matters. The mass migration to remote work in 2020 accelerated the large-scale adoption of web-based platforms and devices[3], resulting in a +435% rise in ransomware attacks (a type of malicious software designed to block access to a computer system until a sum of money is paid) and a +358% rise in malware[4] (a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service or network)[5]
This increase in cybercrime left many IT teams fighting fires as they attempted to prevent threat actors from launching attacks on personal connections, using the Internet-connected devices in employee homes as entry points to corporate networks.[6][7]

As businesses start to digitalize their physical supply chains, they are unwittingly leaving themselves open to new vulnerabilities, sophisticated attacks and ransomware threats. The average ransom costs doubled in 2021 alone[8] and only 8% of businesses that paid a ransom got all of their data back.[9]  

The importance of adopting adequate protections against cybercrime

It will come as no surprise that cybersecurity is becoming incredibly important for companies of any size operating in and outside the Disposable Hygiene industry. Although new technologies can help improve efficiency, quality and productivity, these developments also expose companies to novel forms of cyber risk. 
Cybercrimes such as ransomware cost businesses hundreds of millions of dollars a year and malware threats can have grave consequences on production chains, causing businesses to lose out on money, time and productivity[10].

One of the most proactive ways businesses can prepare for potential attacks is to ensure their OEMs have put adequate protections in place to prevent exposure to vulnerabilities and financial risk. In addition, time has come for businesses to take heed of international cybersecurity standards such as IEC 62443, which recommends a series of cybersecurity processes, policies and procedures for industrial automation control systems
Companies can also benefit from adopting a comprehensive approach to cybersecurity, ensuring that their security packages cover all bases, including apps and services, hardware platforms and components, operating systems, and external application programming interfaces (API).

GDM’s approach to cybersecurity in an increasingly digital world

Companies in the Disposable Hygiene industry may feel overwhelmed by the increasingly complex task of protecting themselves against cyber threats, but GDM can help break the process down into manageable chunks. 
We have always closely monitored the cybersecurity of our internal systems and have considered, analyzed and optimized all aspects of our business. 
At GDM, we understand that cyber is playing an increasingly important role in digitally focused industrial sectors, and we have made it our mission to focus on training to create a culture of safety at our company and client companies. We have also dedicated our efforts to the digital development of the industry, investing a significant percentage of the turnover each year. 

Cybersecurity demands have only been compounded by the increased reliance on virtual machines, cloud environments, IoT devices, and digital production chains, to name but a few. 
We have adopted a holistic approach and are turning our attention outward by exporting our services, providing clients with advice, and ensuring that our end customers comply with international standards and mandatory directives.

In short, it is important to remember that cybersecurity:

  • Protects entire organizations, not just IT systems
  • Improves the resiliency of industrial networks
  • Keeps critical systems running
  • Protects the financial results and reputation of organizations

It can take years to recover from a devastating ransomware attack such as the one suffered by Kaseya in 2021, which is why pre-empting and managing risks with a robust cybersecurity policy is so important. 
By following the guidance of GDM and adopting a holistic approach to networks and assets, companies in the industrial sector can effectively streamline their security policies and practices, thereby standing themselves in good stead for future success.

Head to GDM’s website to learn more about GDM’s approach to business and how we can help customers cover all bases.

 


[1] Source:ZDNet
[2] Source:Checkpoint
[3] Source:Global Risk Report 2022
[4] Source:Global Risk Report 2022
[5] Source:McAfee
[6] Source:Sumo Logic
[7] Source:ENISA Threat Landscape – A Year in Review
[8] Source:Forbes
[9] Source:Sophos
[10] Source:Forbes
CONTACT US!
Form

PRIVACY POLICY UNDER ART. 13 OF EU REGULATION 2016/679 (GDPR)

1. General provisions

1.1 Introduction. Coesia S.p.A. (“Company”) is the holding company of an industrial group made up of several entities operating internationally (“Coesia Group’ Companies”), including, in particular, the Coesia companies listed on the website as hereby defined. Company, in accordance with the Coesia Group commitment to international compliance with data protection laws, is accordingly committed to protecting personal data collected through the “Contact us” form of the Coesia Group Companies’ websites (“Website”), according to any national legislation in force on personal data protection (“National Data Protection Laws”) and the EU General Data Protection Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing the Directive 95/46/EC (“GDPR”). This Privacy Policy explains how information and data identifying individuals (“Personal Data”) received by Coesia Group’ Companies through their Websites are processed.

1.2 Joint-Controller. Coesia S.p.a. and its worldwide affiliates (“Coesia Group”), act as joint-controllers under art. 26 of GDPR of the personal data that you decide to provide us through the website.

1.3 Amendments. Coesia Group reserves the right to amend and update the Privacy Policy because of any further new or revised provisions of any national and EU laws and regulations on personal data protection. Any new release of the Privacy Policy shall be published on the Website as a replacement of the previous version and shall be valid and enforceable from the publication date, unless otherwise specified.

1.4 Applicable rules. Coesia Group processes Personal Data in accordance with: (i) provisions of National Data Protection Laws in force as of the date of the Privacy Policy; (ii) provisions of the GDPR and, in particular, with the principles set forth in the same, such as, inter alia, lawfulness, fairness and transparency, purpose limitation, data adequacy and minimisation, accountability, accuracy, and – prior to any processing activity – the principles of privacy by design and privacy by default; (iii) guidelines and decisions issued by the competent supervisory authority (“Supervisory Authority”).

2. Data subjects and scope of application

2.1 Data subjects. Coesia Group processing activities relate to any individual who decides to fill in the “Contact us” form on the Websites. For the purposes of this Privacy Policy, these persons are to be intended as Data Subjects, as defined in the National Data Protection Laws and in the GDPR.

2.2 Scope of application. The Privacy Policy shall be applicable to Data Subjects, provided that Coesia Group’ Companies, in their capacity as Joint-Controller, are only liable for the processing of Personal Data, which are under its own powers, duties and liabilities.

3. Types and source of processed Personal Data

3.1 Source. Coesia Group processes the Data Subjects’ Personal Data – as hereinafter specified – provided directly by the Data Subjects through the “Contact us” form of the Websites.

3.2 Identification data. Coesia Group processes Data Subjects’ Personal Data, that consist of your identification data (such as, for example, name, surname, company, e-mail address, citizenship, city, phone number ecc.). Furthermore, Coesia Group will process all information – which however shall only include – if any - common personal data - that you will decide to provide us through the “Message” field in the “Contact us” form on the Websites.

4. Legal basis for and purposes of processing the Personal Data. Period of data retention

4.1 Legal basis. The legal basis for the processing of Personal Data is: (i) the execution of a contract or pre-contractual steps to be taken at the request of Data Subjects prior to entering into a contract about purpose under art. 4.2 A); (ii) the consent given by Data Subjects to the processing of their Personal Data; (iii) Legitimate Interest about purpose under art. 4.2 C).

4.2 Purposes. Coesia Group processes Personal Data for the following purposes, as specified in the table here in below, in which is furthermore highlighted (a) if an express consent to processing of Personal Data is needed (or not ) as well as (b) the period of data retention:

Purposes

Consent

Data retention

A) Processing of personal data in order to reply to queries concerning the company activities

Not required

Until the purpose is achieved

B)    Processing of personal data in order to send newsletters, promotional and advertising and/or other materials for marketing communication purposes by Coesia Group’s companies

Required

Until the withdrawal of consent or until a denial has been communicated

C)    
Processing of personal data in order to send to customers email marketing communications, concerning Coesia Group’s services or products similar to those already supplied, by virtue of previous business relationship (“soft spam”), unless a communication to refuse or unsubscribe from marketing (“opt out”) has been made by said customers, according to applicable laws.

Not required

Until the “opt out” has been communicated

4.3 Optional/Mandatory supply of Personal Data. Subject to what specified above, the provision of Personal Data is optional and free. However, failure to provide Personal Data may prevent Data Subjects from receiving communications and/or replies to their queries concerning the company activities.

5. Persons in charge of the processing and processors

5.1 Persons in charge of the processing. As specified above, Coesia Group processes Personal Data collected from the Data Subject through the Websites. Directors, shareholders and independent collaborators (independently from the contractual relationship concerned) of the Coesia Group may process Personal Data in their capacity as persons in charge of the processing, according to National Data Protection Laws and to art. 29 of the GDPR. The persons in charge of the processing are duly trained and empowered to allow access to Personal Data according to the Privacy Policy and subject to their tasks being performed and assignments.

5.2 Processors. The Coesia Group may designate as processors entities/individuals for the purposes described above. The complete list of all processors may be required by Data Subjects to the Coesia Group, by sending an email to the email address cpo@coesia.com.

6. Method of processing, storage of Personal Data and security measures

6.1 Methods of processing. The Personal Data of Data Subjects are processed almost exclusively through automated procedures, by using computerized systems and softwares or, in a limited number of cases, through manual means (e.g. on paper), provided however that in any event such Personal Data are processed adopting methods which are strictly related to the purposes for which such data have been collected and anyway to ensure their security, in accordance with the GDPR and the National Data Protection Laws.

6.2 Place of automated data processing. Processing of Personal Data is made by the Coesia Group as joint-controllers and/or – if appointed – by the processors. Personal Data are stored in the head offices of the Coesia Group’s companies where the physical servers are and in some cases on servers of third parties, which provide cloud services to allow storage of Personal Data.

6.3 Transfer of Personal Data. Personal Data may be transferred in order to achieve the purposes described above to Coesia Group acting as joint-controllers, whether they are located in EU or in third countries outside the EU, provided however that in the latter case, the transfer of Personal Data as above specified shall be made subject to the Coesia Group’s assessment of full compliance with the provisions of chapter V of the GDPR and in particular with article 49.1 B).

6.4 Dissemination of Personal Data. Personal Data will not be disseminated.

7. Data Subjects’ rights

7.1 Rights. Data Subjects, when they are individual/natural persons, may directly address to the Company or the processor/s designated by the same in order to enforce their rights according to provisions of National Data Protection Laws and to the GDPR (articles 15 and subsequent articles), and, in particular, to have access to their own Personal Data, obtain updating and rectification or erasure of the same, restriction of processing, as well as obtain data portability by sending an email to the email address privacy@coesia.com or, with specific regard to the newsletter, by clicking the “unsubscribe” button or following the instructions published on the Website.

7.2 Right to object. With the same procedures described above, Data Subjects may object, in whole or in part, to the processing of Personal Data concerning them, where the relevant legal basis is constituted by the legitimate interests of Coesia Group, pursuant to and with the effects provided for by Article 21 of the GDPR, having regard in particular to direct marketing.

7.3 Complaint. The above notwithstanding, according to article 77 of the GDPR, Data Subjects, when they are individual/natural persons, may lodge a complaint with the competent Supervisory Authority, in order to enforce their rights, as specified above.

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
See all news See all news