Cybersecurity and sustainability, an increasingly necessary link

Although the information systems protection and the ESG fields appear distant, the gap between them will gradually tend to narrow. This is the strong belief of Marco Bavazzano, CEO of Axitea, Global Security Provider, who, in an interview with Cybersecurity360, proposes technologically innovative services and solutions in line with the principles of the circular economy

In the 380 pages of the latest Clusit report on ICT security in Italy, the link between cybersecurity and the issue of sustainability is hardly ever made explicit. Yet, it is a link that exists, as IT architectures, and thus also related security systems, are increasingly dependent on the computational capacity of data centres. They depend, in other words, on infrastructure that constantly needs to be populated and cooled. If this nexus intercepts the areas that are today summarised by the acronym ESG (Environmental, Social, Governance) upstream, downstream too the combination of cybersecurity and sustainability will gradually become one of the criteria for companies to choose.

The inherent products and services can and must also be redesigned in a way that causes a smaller environmental impact, in addition to the traditional checks that refer to functional and performance aspects. Marco Bavazzano, CEO of Axitea, a company that has been operating as a Global Security Provider for several years, is convinced of this. “Cybersecurity is of strategic importance when defining an ESG plan,” says Bavazzano, “because cyber attacks are the most immediate threat to the achievement of a company’s sustainability goals. This is because, if not adequately protected, any company could suffer at any time an intrusion or compromise to its information systems that could have a significant financial impact.”

The nexus of cybersecurity with the three cornerstones of ESG

The repercussions in economic terms of a cyber attack are obvious, but the link between information system protection and influence on all three dimensions to which the ESG acronym refers is not immediately apparent. On the other hand, the environmental impacts on the life cycle of a software, and thus with respect to the ‘E’ of Environmental, are perhaps less so when one thinks of the other two ESG terms.

“There is a strong link to Social and Governance,” says the CEO instead. “The publication of information and personal data as a result of ‘data leakage’, i.e. stealing confidential data concerning employees and customers, could cause a social impact for those involved. Furthermore, a social impact could also be caused by the disruption of essential community services, such as gas and energy supply, telecommunication services, financial services, etc.”

This also explains the connection with the ‘G’ of Governance to which the logic of corporate management inspired by good practices and ethical principles is traced. Threats from the digital world could undermine a company’s short- and long-term sustainability, which is why an organisation’s governance model cannot ignore cybersecurity policies that protect all stakeholders.

A focus on sustainability set to grow

In the past, when threats of hacker attacks were not as common and damaging as they are now, companies were reluctant to adopt processes and technologies to protect their assets. Instead now, they are facing a new challenge, that of sustainability. Doesn’t having to embark on proper cybersecurity courses, with the addition of an extra element to take into account, risk being perceived as yet another burden to be under?

Marco Bavazzano is clear on this point: “It is essential to highlight just how dangerous and wrong the wait-and-see attitude of certain companies on the issue of cybersecurity is. Today, a contracting authority would never award a contract to a company that does not ensure the protection of its workers by providing them with the necessary protective equipment, and no decent company would avoid doing so. On the other hand, there is no hesitation in awarding contracts to those who do not invest in data protection and information systems, even when the contract puts the supplier in a position to directly or indirectly access company information systems or process confidential data and information.”

Just as cybersecurity can no longer be underestimated, Bavazzano is certain that the awareness of sustainability on the part of organisations is growing. Although still in the early phase, the CEO is convinced that “this kind of attention from companies will increase more and more, and our current focus on the topic will be greatly appreciated.”

Axitea’s proposal inspired by the circular economy

With a view to moving in this direction, the company is offering its customers technologically innovative services and solutions in accordance with the principles of the circular economy. In practice, the model it is inspired by should make it possible to reduce the consumption of raw materials, favour a longer life cycle and facilitate the recycling of the products used.

“Recently ,” Marco Bavazzano concludes, “we were engaged by a customer to help him choose the Endpoint Detection & Recovery solution best suited to his needs. The checklist we used for the comparative evaluation of possible solutions included the effectiveness of the solution with respect to the MITRE ATT&CK framework, but also the analysis of the consumption of both processing resources, i.e. CPU and memory, and energy. The customer, who had been integrating ESG objectives into the company’s strategic business plan for some time, expressed his enormous appreciation to us for this methodological approach. So much so that, in the end, we favoured the solution deemed ‘winning’ not only for its effectiveness in detecting attacks, but also for its lower consumption of resources.”

A case that, in the coming years, will become increasingly common as a culture of sustainability, driven by initiatives such as Agenda 2030, spreads among citizens, businesses and public administration.