Cyber Morning Vol. 3: A review


With increasing digitalization and dependence on networked systems and devices, cyber attacks have become one of the biggest business risks for German companies. Attack patterns are becoming more complex and dynamic. The third edition of Cyber Mornings addressed this issue and looked at the current cybersecurity situation.

In the course of the three-hour online event, the speakers provided answers to the questions of how cyber criminals exploit crisis situations, what measures companies should take to successfully position their own organization against cyber attacks, and how to behave properly in a cyber emergency in order to limit damage as far as possible.

The human factor – the biggest gateway and best protection at the same time

Kevin Schomburg from the Lower Saxony Office for the Protection of the Constitution opened the event with an assessment of the current cyber-security threat situation. It became clear that current developments, above all industrial espionage and the conflict in Ukraine, have also caused shifts in the cyber world. Ransomware attacks in particular have increased recently, and their lures pick up on topics that are currently prominent in media coverage.

Every company can assume that, if it has not already been affected by a cyberattack, it will be at some point. Attacks can target IT systems as well as sensitive data, and they can result from unintentional employee mistakes just as much as from deliberate action. For Schomburg, the human factor plays a decisive role in the successful execution of cyber attacks, but equally in their containment. To achieve the latter, an organization's workforce must be actively involved in its security architecture.

Several factors are necessary to achieve this: Error culture, employee leadership, and employee satisfaction are relevant to whether or not cybersecurity is practiced in a company. Above all, it is important to integrate a healthy error culture into a company’s cybersecurity concept. Employees must be able to openly deal with cybersecurity mistakes – for example, clicking on a malicious link – and not be “punished” for it. The entire company should learn together from such incidents.

Dr. Michael Kreutzer also addressed the human factor in his presentation on sustainable cybersecurity concepts in companies. The cybersecurity researcher from the National Research Center for Applied Cybersecurity ATHENE also emphasized the central role of employees in cyber attacks.

In most cases, a lack of security processes or guidelines leads to cybersecurity failures – for example, hard drives that are inadvertently resold without final deletion of the data on them, causing data leaks.

According to Kreutzer, improving a company’s cybersecurity is an ongoing process. To that end, he cited the following specific tips:

  • Keeping an overview of the in-house data and IT landscape, and maintaining emergency documentation.
  • Continuously monitoring the infrastructure for security problems.
  • Applying security updates and patches regularly.
  • Keeping backups in a separate location and, where necessary, handing over the administration of security-critical processes to suitably qualified service providers.
  • Constantly reviewing systems and practising regularly with awareness or Cyberscope training.

The cybersecurity researcher sees internal communication as a central aspect: "The management of a company must anchor cybersecurity within itself, communicate it continuously and set an example. Responsibilities in this area must be clearly defined."

Cyber attacks occur more quickly than expected

Jan-Tilo Kirchhoff illustrated how easy it is for cyber criminals to penetrate a company. In a live demo, the managing director of Compass Security Deutschland GmbH used various examples to show how quickly a cyber attack can unfold. Kirchhoff emphasized that criminal hackers are often not only after the data of the attacked company: data belonging to its customers or downstream service providers is just as much a target.

By simulating a denial-of-service (DoS) attack, Kirchhoff showed how easily cybercriminals can take a website offline: several thousand requests are sent to the web server until it is overloaded and stops responding. This method has already been used for extortion in many cases.
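The defender's side of the demo above is spotting such a flood in the server's own logs. The following is an added example, not code shown at the event or from Compass Security: a sliding-window request counter per client IP over Apache/nginx "combined" log lines. The log lines are constructed for this example, and the window and threshold values (10 seconds, 50 requests) are assumptions that a real site would tune from its own traffic.

```python
"""Request-flood detection over web-server access logs.

Added example, not code from the event or from Compass Security: a
sliding-window request counter per client IP over Apache/nginx
"combined" log lines. The log lines are constructed for this example and
the window/threshold values are assumptions to be tuned per site.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# client - user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def find_floods(lines, window_s=10, threshold=50):
    """Return {ip: peak requests in any window} for clients above the threshold.

    Lines are expected in chronological order, as the server writes them.
    """
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # drop timestamps that have fallen out of the window
        while (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > threshold and len(q) > peaks.get(rec["ip"], 0):
            peaks[rec["ip"]] = len(q)
    return peaks


def build_sample_log():
    """Constructed log: one normal visitor plus one client sending 200 requests in 4 s."""
    base = datetime(2022, 6, 1, 9, 0, 0, tzinfo=timezone.utc)
    entries = []
    for i in range(20):  # one request every 3 s for a minute
        entries.append((base + timedelta(seconds=3 * i), "198.51.100.5", "GET /index.html HTTP/1.1"))
    for i in range(200):  # burst starting 10 s in, 50 requests per second
        entries.append((base + timedelta(seconds=10, milliseconds=20 * i), "203.0.113.7", "GET / HTTP/1.1"))
    entries.sort(key=lambda e: e[0])
    return [
        f'{ip} - - [{ts.strftime(TS_FMT)}] "{req}" 200 512 "-" "Mozilla/5.0"'
        for ts, ip, req in entries
    ]


if __name__ == "__main__":
    for ip, peak in find_floods(build_sample_log()).items():
        print(f"{ip}: {peak} requests within 10 s")
```

The counter only finds floods from few sources; a distributed attack spreads the same request volume over many IPs and needs aggregate rate or per-URL counting instead. Detection is also only the first half: the actual mitigation is rate limiting or filtering in front of the server, not in a log parser.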

However, ransomware most frequently arrives through phishing emails, either as mass mailings or in highly targeted, professionalized campaigns. Using several examples of ransomware files, Kirchhoff warned against executable attachments and malicious Office macros in files from unknown senders. HR departments, for instance, were targeted in large numbers this way by the Goldeneye Trojan in 2016. The method is still widespread today.
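The two lure types Kirchhoff warned about, executables and macro-carrying Office files, can be caught with a simple attachment triage before anyone double-clicks. The block below is an added example, not code from the event or from Compass Security: it checks an attachment's file name and bytes, and looks inside OOXML packages (.docx and friends are zip containers) for the vbaProject.bin part that holds a VBA project regardless of what the extension claims. The sample files are constructed in memory; legacy OLE2 .doc/.xls files are only flagged for review because extracting their VBA needs an OLE parser such as oletools, which is deliberately not used here to keep the example standard-library only.

```python
"""Triage of e-mail attachments for executables and Office macros.

Added example, not from the event or Compass Security: checks an
attachment's name and bytes for the lure types discussed above. The
sample files are constructed in memory; a real mail gateway would run
this over the decoded MIME parts. Legacy OLE2 .doc/.xls files are only
flagged for review, because extracting their VBA needs an OLE parser
(e.g. oletools), which this stdlib-only example does not use.
"""
import io
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse", ".vbs", ".hta", ".ps1", ".lnk"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# OOXML packages keep VBA in a vbaProject.bin part, whatever the file extension says
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(name, data):
    """Return the reasons an attachment looks risky; an empty list means none found."""
    reasons = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
    if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension .{parts[-2]}{ext}")  # e.g. Bewerbung.pdf.exe
    if ext in MACRO_EXTS:
        reasons.append(f"macro-enabled extension {ext}")
    if data.startswith(OLE2_MAGIC):
        reasons.append("legacy OLE2 document, inspect VBA with an OLE parser")
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            reasons.append("corrupt zip container")
        else:
            for part in MACRO_PARTS:
                if part in names:
                    reasons.append(f"VBA project embedded as {part}")
    return reasons


def build_ooxml(with_macro):
    """Constructed minimal Word-style package; real .docx files carry more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder, not real VBA
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "Lebenslauf.docx": build_ooxml(False),
        "Bewerbung.docx": build_ooxml(True),
        "Bewerbung.pdf.exe": b"MZ" + b"\x00" * 62,
        "Zeugnis.doc": OLE2_MAGIC + b"\x00" * 504,
    }
    for name, data in samples.items():
        print(name, "->", classify_attachment(name, data) or ["no findings"])
```

Note that the "Bewerbung.docx" sample is flagged even though its extension is not macro-enabled: Word refuses to run macros from a .docx, but an attacker can still ship the VBA inside and rely on the recipient renaming or opening it elsewhere, so the content check matters more than the name check.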

Kirchhoff also addressed the use of social engineering in cyberattacks and vividly demonstrated the tools cybercriminals use to collect personal data or build a fake social media profile. Bottom line: easier than we thought.

As a pentesting professional, Kirchhoff generally recommends good password hygiene: passwords should be unique, sufficiently long and complex, and two-factor authentication should be enabled wherever possible.

Angela Rieck gave the audience a first-hand account of how a cyber attack is experienced from the victim's perspective. The head of the Lotto district office in Kempten noticed unusual activity on her server during a data reconciliation. It was only when she switched on the screen that it became clear this had to be a cyberattack: hieroglyph-like characters spread across the display, followed by the message "You have been hacked – pay 1,000 Bitcoin". Angela Rieck reacted quickly and called her IT specialist, who immediately advised her to disconnect the work computer. The attack affected various processes in the company; for several weeks, payments could not be securely forwarded to headquarters. Her company was lucky: apparently no customer data had been stolen, and the systems could be restored. However, it had to bear the resulting damage of 10,000 euros itself, since electronics insurance does not cover the replacement of equipment after a cyberattack. The origin of the attack could not be traced, even with the responsible authorities involved.

In this context, Thorsten Linge from Perseus Technologies gave practical recommendations for the right behaviour during a cyber security incident: an emergency card provides initial guidance in an emergency and should be available to all employees in printed form, so that it is still readable when the systems are not.

Cyber incidents and data protection: it’s all a question of data

The conclusion of Cyber Morning Vol. 3 was provided by Katharina Schreiner. The licensed lawyer and head of privacy at Proliance GmbH (datenschutzexperte.de) drew the connection between data security, cybersecurity and data protection: if personal data is compromised in a cyberattack, the incident usually has to be reported to the data protection supervisory authority within 72 hours of the company becoming aware of it. Good documentation and transparent communication, for example via a landing page or a live ticker, are essential and are also perceived positively by affected customers and cooperation partners. The steps required from a data protection perspective depend on the risk assessment; the level of risk is classified on the basis of the sensitivity of the data and the type of incident, for example whether it was an attack or a technical error. Schreiner's conclusion: it is definitely worth being prepared for a data protection incident and involving the relevant experts in order to make the process as straightforward as possible. Ultimately, employees must be made aware of the issue and responsibilities must be clarified.

Johannes Vakalis, Head of Sales & Marketing at Perseus Technologies, hosted the online event. Cyber Morning Vol. 4 will take place in September 2022 and will address the importance of cybersecurity and risk assessment in the insurance industry.