ULTIME NEWS: Gyala riconosciuta Sample Vendor nel documento “Emerging Tech: AI in CPS Security” di Gartner Leggi

Defense Strategy in Interconnected Environments:

Interview with Mugnato (Gyala) on AI, OT, and Digital SovereigntyIntervista a Mugnato (Gyala) tra IA, OT e sovranità digitale

In a rapidly evolving geopolitical landscape, recent ACN data shows a 40% increase in cyberattacks compared to 2023 and a 90% rise in confirmed incidents, primarily impacting public administration. In this video interview with Eleonora Bove (FPA), we speak with Nicola Mugnato, CTO and founder of Gyala, about how increasingly interconnected environments can create new vulnerabilities and how to address them. Mugnato analyzes the two main types of cyberattacks—ranging from large-scale ransomware to sophisticated APT campaigns by state actors—highlighting how these are redefining defense priorities and how Agger 3.0, Gyala’s response, focuses on system resilience and sector-specific strategies. .

Il panorama della cybersecurity italiana ha subito cambiamenti significativi, con l’emergere di nuove minacce che sfruttano la crescente interconnessione tra Information Technology (IT), Operational Technology (OT) e Internet of Things (IoT). Questa fusione di mondi, che una volta erano distinti, amplia notevolmente la superficie d’attacco per le infrastrutture critiche del paese. A due anni dalla prima intervista, Eleonora Bove di FPA ha incontrato Nicola Mugnato, CTO e fondatore di Gyala per comprendere meglio queste dinamiche e le risposte strategiche.

Mugnato distinguishes two major types of cyberattack campaigns shaping the current scenario:

  • Large-Scale Tactical Attacks: Ransomware and Double Extortion
    These blanket attacks aim for financial gain through tactics like ransomware and double extortion and have seen a significant rise. “These types of attacks increased by 20% in 2024 and continue to rise in 2025,” says Mugnato. 83% of these targeted private companies, while 17% affected public entities. The increase is due to two main factors: on one hand, infrastructures remain inadequately protected; on the other, cybersecurity has become an extremely profitable business for attackers. As these are indiscriminate operations, anyone can fall victim, regardless of size or sector.

  • Advanced Persistent Threat (APT) Campaigns:
    A completely different scenario involves Advanced Persistent Threat campaigns conducted by state actors to gain strategic advantage over potential adversaries, explains Mugnato. These attacks have surged as an integral part of ongoing war strategies, aiming to weaken enemy defenses. Tactics include cutting power, reducing communications, disabling territorial and airspace control systems, or destabilizing civilian life by blocking essential services such as healthcare, water and food supply, logistics, and transportation. “These have increased because cyberspace has definitively become one of the five areas of conflict and is now one of the main ones,” stresses Mugnato, adding: “It’s more strategically relevant to damage uranium enrichment centrifuges via software than to destroy a mountain with 3-ton bombs.”

In this context, OT and IoT provide an additional advantage to attackers. “The more production infrastructures are automated (and this is an irreversible process), the greater the potential impact of an attack on physical systems,” concludes Mugnato, highlighting the growing vulnerability of critical systems.

Agger 3.0: An Innovative Response to Evolving Threats

Faced with such a dynamic threat landscape, Gyala has had to adapt its strategies and solutions, guided by a focus on the changing nature of the threat itself.

The result is “Agger 3.0,” a version introducing significant improvements and a more targeted defense approach. “We have developed differentiated strategies for each public and private sector,” explains Mugnato. This includes creating “detection and reaction rules capable of identifying the specific threats to which each IT and OT infrastructure is exposed from the earliest anomalies,” allowing for the fastest and most effective response to minimize service impact.

Differentiation is crucial because response needs vary widely across sectors. “Electromedical systems in healthcare infrastructure, water treatment and distribution systems, power plants, or IT systems in public administrations all require different rules,” emphasizes Mugnato. The goal is not only to block the attack but also to restore the service these systems were designed to provide. “This is the IT/OT systems resilience that Agger aims for,” he adds. The priority is no longer just ensuring information integrity, availability, or confidentiality but making sure that “machines we use for patient diagnosis and care cannot cause harm or that a foreign state cannot shut down our power plants or block communications or transportation.”

Technological Sovereignty

The name “Gyala” and the concept of “bastion” (Agger) have always symbolized Gyala’s commitment to bringing cybersecurity technology within Europe, with a strong emphasis on “Made in Italy.” Two years later, the results in terms of penetration into the Italian and international markets with this philosophy are significant.

National Sovereignty for cybersecurity technologies is a theme we strongly believe in, reaffirmed by the recent April 30 DPCM introducing the technologies to protect and the countries to source them from,” says Mugnato. Although the DPCM also includes non-European countries such as the USA, Switzerland, Israel, Japan, South Korea, Australia, and New Zealand, without specific incentives for national or European products—a condition Mugnato believes *“would have been helpful to encourage European technology development”—*the market has shown greater awareness.

“I must say that in recent years, we’ve seen a heightened sensitivity in the market—clients are happy to know they don’t need to turn to an unresponsive multinational but can rely on a reactive and flexible national company ready to support them as if they were part of their own organization.”

The Future of Cybersecurity: AI and OT/IoT Automation

Looking ahead, the evolution of Artificial Intelligence (AI) and the expansion of IoT are key factors shaping Gyala’s actions. On one hand, the company is expanding AI use across its product components. “We are further increasing the use of Artificial Intelligence in various product components to enhance detection capabilities and make it easier for users to analyze and define new rules,” Mugnato explains.

On the other hand, one of the greatest challenges in the coming years will be countering the use of AI in attack techniques. “We are defining new strategies to counter the use of AI in various attack techniques, and I believe this will be one of the biggest challenges of the next few years,” states Mugnato.

OT and IoT automation, while necessary to improve companies’ efficiency and competitiveness, also brings complexity. “OT and IoT automation is a necessary process to improve companies’ efficiency and competitiveness and will continue to grow,” acknowledges Mugnato. “At the same time, we and our partners will continue to customize our technology for each operational context to provide the most effective, fast, and simple solution for every customer,” concludes Mugnato, outlining a strategy of continuous adaptation and personalized support.