
The topic of cyber security is becoming increasingly relevant

Dieter Miedl
12 min
Updated:
20.2.24
Published:
20.2.24

Many thrillers revolve around criminal hackers attacking critical infrastructure, plunging entire cities or even states into a blackout and thus into Stone Age chaos. Although this is of course just fiction made up by screenwriters, small and medium-sized enterprises (so-called SMEs) take the issue of cybersecurity very seriously.

This is because the number of hacker attacks is increasing. Both state actors and private individuals are behind them. And it is not just global corporations that are becoming targets.

Protection against digital attacks is therefore becoming more important and can pose immense challenges for smaller companies in particular.

How much damage do illegal activities such as cyber attacks cause to companies? Experts estimate damage of around 203 billion euros per year to the German economy alone. The number of attacks is increasing: as recently as 2018, the damage caused by data theft and hacker attacks was 103 billion euros.

What risks are known to the German economy?

Before we go into more detail about IT security and possible solutions to defend against hacker attacks, let's take a brief look at the individual activities that threaten companies.

These include:

  • Industrial espionage or theft of trade secrets
  • Downtime due to crippled computers and networks
  • Monetary losses due to unauthorized withdrawals
  • Data theft
  • Extortion and ransom demands for the release of encrypted data

The range of illegal actions is therefore wide and, in addition to public institutions, medium-sized companies have long been the focus of this everyday threat. Connected devices and the introduction of digital technologies into a wide range of business sectors in particular do not always make it easy to protect against threats.

What role does the digital revolution play in external security or the protection of companies?

In fact, the digitization and automation of certain production processes represent both opportunity and risk at the same time. The digital revolution has significantly increased the attack surface for white-collar criminals. This starts with malicious file attachments and ends with the theft of company and production secrets.

In contrast to earlier analog industrial espionage, cyber attacks can now be carried out from almost anywhere in the world. Such attacks affect global corporations, but also small and medium-sized companies in their normal business operations.

Incidentally, a preliminary peak was reached in 2021, when illegal cyber activities caused the German economy a loss of 223 billion euros.

What role did the pandemic play? 

The impact of the pandemic on illegal cyber activities is clearly visible. Even Microsoft warned on its news page of “hacker attacks under the guise of the pandemic.” It wasn't just scientists and their research results that were spied on.

Smaller companies in particular were by no means prepared for working from home and the associated challenges to their own networks and to IT security at home. The security department of the Federation of German Industries (BDI) therefore expressly warned of a precarious security situation, which has been further aggravated by home office and the pandemic.

Every 4th German is already affected

The Federal Office for Information Security also sees digitization and constantly new IT technologies as a challenge for cybersecurity that requires efforts from all parties involved.

Every 4th German has already been a victim of cyber criminals at least once, with spam and phishing becoming a big problem, especially in the private sphere. In fact, unsolicited advertising emails also carry a risk, because spam and harmful file attachments often go hand in hand.

So-called phishing emails, with which cybercriminals want to siphon off passwords, also pose a problem in both private and business contexts. The actors are becoming more and more clever and use fake addresses as alleged senders.

How vulnerable is Germany?

Despite all the understandable anger over personal financial loss, this raises the question of how vulnerable Germany is as a state with its critical infrastructures. These include, for example, electricity and water, but also medical care or the transport sector.

In fact, cyber attacks on critical infrastructure are also increasing, and this is happening worldwide. Energy suppliers and their power grids are particularly frequently affected. The ingenuity of criminal hackers seems inexhaustible and ranges from countless requests that overwhelm a server until it collapses under the load, to corrupted links that employees mistakenly open when an email arrives.

Here too, at energy suppliers or hospitals, the goal is often to encrypt data and only release it after payment of a ransom. Experts continue to expect a tense threat situation, particularly in this environment.

In this case, loss of life can at least not be ruled out when important patient data is no longer available in hospitals or vital operations have to be suspended due to an IT collapse.

Who are the players?

According to investigators and IT security experts, the actors behind criminal cyber attacks are often hacker collectives. The Ukraine conflict has also shown that such associations have a power that should not be underestimated.

With the start of the fighting, the news circulated here that Anonymous had declared war on Putin. The activists in this group became known to laypeople primarily for their face masks; since 2008, the group has also been attracting attention with political protest actions.

According to experts, in addition to opponents of the Ukraine war, pro-Russian groups are also active with their own cyber attacks. In fact, more than 150 cyber events related to the Ukraine conflict were counted as early as 2022.

As with cyber attacks on companies, those involved include both

  • state actors such as secret services

as well as

  • private hacker collectives and cyber groups

As of summer 2023, the feared massive power outages or even physical destruction (as in the disaster films described above) have fortunately not materialized.

A first conclusion

The first conclusion is therefore the recognition that the weak points in public and internal IT security lie in the area of hardware and software. In addition, the human factor plays a very central role.

As part of consultations on the subject of cyber security, awareness campaigns are therefore paramount. Employees must first become aware of the extremely precarious security situation.

It is only in a further step that modern software solutions are implemented and the workforce is trained on the subject of IT security.

Cybersecurity challenges for SMEs

Setting up a well-protected IT infrastructure is often a problem, especially for small and medium-sized companies, i.e. so-called SMEs. As a rule, their own employees lack the necessary know-how.

This almost inevitably brings IT consultants and cybersecurity experts such as MDSYSTEC into play. External consultants and agencies offer both all-inclusive solutions for companies' IT and individual system and software solutions, for example on the subject of cyber security.

The advantages of domestic IT consultants are obvious:

  • There are no language barriers or socio-cultural hurdles
  • Customer and external consultant live and work in the same time zone
  • IT security experts can quickly be on site in the event of error messages and computer crashes
  • Training on new software applications is carried out locally and in German

Sensitive IT areas such as cyber security in particular should therefore be outsourced exclusively to German IT consultants.

Who protects critical infrastructure?

As described, the challenges for protecting critical infrastructure are also high. Here, too, the threat situation was significantly aggravated by the war against Ukraine.

According to experts and intelligence agencies, hackers or state actors could target a wide variety of industries, such as hospitals or pipeline operators, but also railway lines or sewage treatment plants.

Public institutions in particular often seem to be especially poorly protected due to staff shortages and outdated IT systems. The Federal Government is primarily responsible for cyber security in Germany. There is also a national coordination center for cyber security Germany, NKCS for short.

In addition, there is a European Competence Center for Cybersecurity in Industry, Technology and Research based in Bucharest, which the EU launched in 2011. Last but not least, the Federal Office for the Protection of the Constitution deals with the vulnerable structures and sees an increased risk due to globalization and digitization.

According to Sinan Selen, Vice President of the Federal Office for the Protection of the Constitution, the number of actors has also grown again. Here, hostile intelligence agencies as well as extremists or free riders would have to be mentioned.

The threat scenarios range from hacker attacks that paralyze systems to espionage and sabotage, so that even the Bundeswehr maintains its own cyber security center.

Protection against cyber attacks therefore plays an important role in all areas of life and existence, including national defense.

Connected devices and their vulnerability to digital attacks

The concerns of many experts are not solely due to the growing number of hostile actors. The cyber risk also increases drastically with the number of connected devices.

Even cash register systems and ticket machines are increasingly being targeted by hackers. This is where billing information and often customer data are stored and sent from one company to the next. As a result, illegal access can cause considerable economic damage.

Hardware often makes the hackers' “job” easier, because many of the processor and storage capacities in use are dimensioned too tightly. The operating systems are also often outdated and are no longer supported by Microsoft.

According to EU Commissioner Thierry Breton, there are hundreds of millions of connected devices in private households, from mobile phones to toys to modern motor vehicles, that do not meet the cybersecurity requirements either in terms of their hardware or software. The issue of IT security is therefore quite controversial at the state, economic and private level.

What does the Federal Criminal Police Office say?

The Federal Criminal Police Office (BKA) in Wiesbaden has long seen cybercrime as a global, partly professionally organized business. This involves drugs and weapons, but also child pornography and stolen identities. Even “services” related to cyber crimes are advertised on the Darknet.

According to Wiesbaden investigators, cybercrime is a crime field with high growth rates that is also subject to constant change. The BKA therefore publishes a federal cybercrime situation report once a year and, if necessary, issues current risk assessments, special evaluations and warnings.

Actual law enforcement falls under the sovereignty of the individual federal states. Here, too, there are usually specialized services dealing with economic offenses and cybercrime.

The BKA, in turn, according to its own statements, takes on coordinating tasks as a central office of the German police and is networked with Europol and Interpol through liaison officers.

The protection of the economy as well as critical infrastructure is therefore located at state and federal level and is comprehensively organized.

Affected companies, in turn, are required to report cyber attacks with an impact on personal data to the competent authorities. In any case, that is what the GDPR provides for.

What obligations and tasks do companies have when it comes to cybersecurity?

As a result, companies from a wide range of sectors, from craft businesses to online mail order businesses to the healthcare sector, are almost automatically accountable, because personal and sometimes sensitive data is stored everywhere.

The Chamber of Industry and Commerce therefore recommends comprehensive prevention against cyber attacks and, in this context, refers to a checklist that was developed together with the Bavarian State Office for Data Protection Supervision.

These include:

  • Network segmentation, i.e. separating the network into different sub-areas
  • Particular care when using PowerShell, software in the Microsoft universe that, as experience has shown, is used time and again for cyber attacks

but also

  • Preventing Office macros from outside sources

as well as

  • Secure and constantly changing passwords, particularly in the administrative area

As described, the vulnerabilities through which hackers can penetrate IT networks do not lie in hardware and software alone. All-too-human recklessness is also often involved.

What are the potential consequences of cyber attacks for companies?

As early as 2022, the Ministry of Economics, Industry, Climate Protection and Energy of the State of North Rhine-Westphalia proactively promoted cybersecurity in SMEs with 4.2 million euros. The aim was to give SMEs access to innovative products and services as well.

Funding included external analysis and consulting services, such as those offered by MDSYSTEC. This is because digital threats are growing and do not stop at SMEs and small businesses. There are also significant financial consequences. Hacker attacks cause:

  • Costs due to business interruptions
  • Costs for external service providers who restore the IT infrastructure
  • Costs for restoring or recovering “hijacked” data

and where appropriate:

  • Expenses for legal advice

or even:

  • Costs of procedural and contractual penalties

Last but not least, the trust of customers or patients is lost when cyber attacks become known.

How can IT security be increased in SMEs?

Data leaks and cyber attacks can be prevented by continuous investment in hardware and software. That regular operating system updates must take place and that virus protection must always be up to date actually goes without saying.

Unfortunately, these most elementary cybersecurity rules are often criminally neglected not only by many private users, but also in smaller companies in particular. Even among SMEs, awareness of the dangers of hacker attacks is not yet anchored in the minds of all managing directors and employees.

Employees still click recklessly on phishing emails. Conversely, many companies provide far too many employees and outsiders with administrative rights.

One of the weak points therefore clearly lies in the human factor. 

How do MDSYSTEC experts approach cybersecurity?

One of the main goals of external IT consultants such as MDSYSTEC is therefore to sensitize and train the workforce as well as management on the topic of cybersecurity. Regular retraining that addresses new threats has proven effective.

It is also important that companies get to know and correctly assess the risks of their own IT infrastructure. Penetration testing, as well as solid threat and vulnerability management, are therefore part of the industry standard.

In addition, rewards for employees who identify and report security breaches could be a tool worth considering.

Conclusion:

The fight against cyber attacks therefore takes place at very different levels, from government institutions to IT consultants and implementation partners who keep cybersecurity software solutions up to date. However, employees must also recognize the risks and take action themselves.

Countless cyber attacks in the past have shown how important it is to protect systems and personal data. Countless companies were hacked in 2023 alone. Among them were lotteries and energy suppliers, but also medical services.

As a result, no industry should feel safe, and a budget that companies invest in their cybersecurity is money well spent.
