Cybersecurity and luxury: why the supply chain is the real weak point
Credit: Alfaservice
Dior China has been the victim of a serious cyber attack that compromised the sensitive data of thousands of customers. The news, recently leaked via social media, has seriously damaged the image of the French brand, which had already been hit in February by a hacker attack on its official Instagram account, used to promote a fake cryptocurrency. The episode is just the latest sensational case: the fashion system is exposed to increasingly sophisticated cyber risks. And this concerns not only the big luxury brands but, above all, the supply chain.
«As also highlighted in the recent report by Clusit (the Italian Company for Information Security, ed.), the manufacturing sector is among the most affected, and the reason is very simple: in Italy we have technical know-how that is coveted by many. The problem is that this know-how is not protected properly», explains Maurizio Benedetti, ICT Manager of Alfaservice, a Tuscan company specialized in information security for production and manufacturing companies.
The Italian fashion system, made up of micro companies and artisanal businesses that are often interconnected, is in fact a delicate and very vulnerable ecosystem. Many SMEs do not have a security system that is adequate for the European NIS2 (Network and Information Security 2) regulation, which imposes both technical and training requirements: phishing, unprotected access, personal devices used without policies. «You don't need to be expert users, but aware users», underlines Benedetti. «Technology helps, but it's not enough. Training is the first defense tool. Man is often the Trojan horse: one click is enough to compromise the entire system. And the consequences can be disastrous both for the company itself and, potentially, for all the companies that collaborate with it».
Yes, because the supply chain is an "easy" access point for reaching the big names: shared files, management software, even cloud spaces where projects and prototypes pass through, everything can become a gateway. «The production chain, made up of suppliers, subcontractors and laboratories, is an enormous interconnected network», confirms Benedetti. «It only takes one weak point to open a breach. In fact, attacks often do not directly hit the brand but start from a less protected supplier, then moving up the chain».
But even at a "local" level the problem is serious and often underestimated. «Let's think about OT, Operational Technology, that is, connected industrial machinery. If a hacker manages to interfere with a machine, he can physically alter production. A 1 mm hole can become 1 cm. If that machine produces a thousand pieces per minute, the damage is immediate, material, and can go unnoticed until delivery. Not only that: the threat is constant, and the attack is replicable».
What should a company do to bring its level of cybersecurity to an adequate level?
The first thing is definitely training: in the world of luxury, where everything speaks of excellence and control, cybersecurity can no longer be a topic relegated to IT. It is a transversal responsibility. Furthermore, the Italian business fabric must understand that investments in cybersecurity are essential not to avoid fines but to maintain an active and leading role on the market.
A solid and calibrated security posture: there is no single solution, each company must find the right balance based on the number of people, type of business, data processed and geographic distribution.
Finally, periodic security tests and real simulations, the so-called vulnerability assessments and penetration tests, which simulate attacks to identify flaws before real hackers do.