Cybersecurity in Local Authorities: DIY Skills Are Not Enough Against Increasingly Sophisticated Cyber Attacks

In Lombard municipalities, there is a widespread awareness of the importance of cybersecurity, but there is a need for a training process aimed at bridging a significant skills gap, particularly in managing more complex and harmful threats such as phishing.

This, in brief, is what emerges from a recent survey conducted by the University of Milan, in close collaboration with AnciLab within the framework of the PNRR MUSA project.

MUSA’s Spoke 4 has collected the results of its first year of research activity in a study and presented the findings today, February 13th, in Milan.

The study sheds new light on the situation of cybersecurity in Italian local authorities, particularly in Lombardy, revealing a partially encouraging but nonetheless critical landscape.

Coordinated by Danilo Bruschi, head of the Department of Computer Science at the Milanese university, the studies were presented in the historic Napoleonica Hall of the University of Milan and reveal how, despite the absence of critical vulnerabilities in the analyzed websites, simulations of phishing attacks have highlighted several weaknesses, underscoring the need for greater attention and preparedness towards these increasingly prevalent and sophisticated forms of attack.

The results, stemming from a study involving over 200 respondents through questionnaires and with input from 15 industry experts, indicate a prevalence of DIY technical skills, especially in smaller municipalities, and a more pronounced vulnerability to social engineering attacks in larger municipalities.

These findings underscore the urgency of implementing continuous training and updating strategies for cybersecurity personnel at all levels of Public Administration.

Carlo Fiorio, director of the Department of Economics, Management, and Quantitative Methods at the University of Milan and of the MEIEC, emphasized the importance of the survey as a tool to promote a culture of impact analysis, vital to enabling decision-makers to make informed and conscious choices.

Attention is also drawn to the importance of the human factor and the need for collective efforts to elevate the culture of cybersecurity. In this context, the “LombardIA” project of the Lombardy Region, as highlighted by councilor Alessandro Fermi, and the initiatives of the National Cybersecurity Agency, led by Gianluca Ignagni, represent significant steps towards building a resilient public system capable of protecting the rights and freedoms of citizens.

The research, therefore, highlights a long but indispensable journey towards the realization of a secure and reliable digital ecosystem for public administration, where training, awareness, and the adoption of advanced technologies such as artificial intelligence play a key role.

The challenge will be to keep pace with the evolution of cyber threats while ensuring that the digitalization of public services continues securely and sustainably.

“In an increasingly connected world, cybersecurity in Public Administration is no longer an option but a necessity,” explained Giovanna Iannantuoni, president of MUSA. For this reason, as MUSA, we wanted to shed light on this issue as well, which raises a series of delicate issues, from data protection to infrastructure protection. These themes are not only technical matters today but become an ethical imperative, affecting citizens’ trust in institutions. The results of the survey presented today, on the one hand, highlight the crucial importance of the human factor in building a robust cybersecurity strategy and the awareness of the importance of a digital security culture, while on the other hand, they underscore significant gaps in training and expertise, especially in smaller municipalities. In this context, therefore, there is an increasingly urgent need for awareness of the necessity of collective commitment to elevate the culture of cybersecurity at all levels of Public Administration. A commitment that sees all, industry experts, and institutions at various levels, joining forces to build a public system capable of resisting cyber threats and protecting the rights and freedoms of citizens.