The Requirement
One of Italy’s leading insurance companies approached N&C with the aim of assessing the robustness of its IT infrastructure and preventing possible vulnerabilities that could be exploited by malicious actors.
The project is part of the wider reinforcement of the group’s cybersecurity policies, which includes tests of the effectiveness of the protection systems adopted.
Key challenges include: identifying weak points in complex and highly regulated environments, without compromising operational continuity.
The Solution
N&C structured a comprehensive VA (vulnerability assessment)process, modulating the approach according to the perimeter agreed with the customer.
The main activities:
- Definition of the test scope and choice of the most suitable mode of operation (black hat, grey hat or white hat).
- Preliminary analysis of information systems and risk exposure levels.
- Use of advanced vulnerability scanning tools to detect critical issues in real time.
- Drafting of a detailed report, including:
– classification of vulnerabilities detected (by severity and impact);
– operational guidelines for risk mitigation;
– strategic recommendations for the evolution of the security plan.
The Result
The project allowed the customer to gain a clear and structured view of its level of exposure to cyber threats.
The main benefits:
- Early identification of vulnerabilities, before they could be exploited by external actors.
- Reinforcement of perimeter and application defences, with targeted corrective actions.
- Increased internal awareness by sharing results with IT and security teams.
- Strategic value in terms of resilience and compliance with industry regulations (such as IVASS, GDPR, NIS2).
"Security must increasingly be viewed as a necessary, rational and ongoing investment to ensure the resilience and competitiveness of organisations."
Fernando Bagini – Head of Cybersecurity & Security
