"The Browser Is the Main Gateway for Attackers" | Total Security

For professional hacker gangs, successful cyberattacks on companies via fake emails are an easy undertaking. Before the danger is recognized and averted, the existence of medium-sized companies can quickly be endangered. Dr. Falk Herrmann explains the reasons.


The worst thing for any industrial company is unscheduled production downtime. If the cause is a cyber attack, it is difficult to predict how long the stoppage will last. In smart factories in which IT and OT are networked, the first thing to do is to determine how far and where the attack has already spread. Cybersecurity provides important information on how to prevent such scenarios.


Are German companies sufficiently prepared for possible cyber-attacks and are their protective measures sufficient? 


Herrmann: German industrial companies are often inadequately protected and are therefore often affected by cyber attacks. Prominent examples from the recent past are attacks on Krauss-Maffei, Pilz, and Lanxess. The public learns nothing about most of the incidents. Every day, medium-sized companies' IT networks are hacked, data is stolen and companies are blackmailed. These companies have invested many years in protecting their IT - but these measures are no longer sufficient in the age of digitization.


The problem: the attacks are becoming more and more professional and perfidious. Take Emotet, for example. This malware is a door opener with the help of which attackers can download additional malware from the Internet. That is what makes the attacks so dangerous. The way to the computer is relatively easy. Emotet is smuggled into company computers with the help of forged emails, so-called phishing emails. Behind the dispatch are professional hacker gangs who initiate a veritable flood of phishing.


Hacker attacks are a major threat to production in the manufacturing and process industries. Because OT and IT grow together in the smart factory, downstream attackers can quickly spread across the entire company network. To prevent the malware from spreading, a large part of the IT systems must be shut down. The machines then stand still. This can threaten the very existence of a medium-sized industrial company.


Attack surfaces through cloud services

The risk has increased further due to the corona pandemic. The current need for information is increasingly being exploited by hackers. Malware is smuggled onto computers via fake websites, emails, or graphics that come from apparently trustworthy sources. At the same time, new forms of mobile work via web applications and cloud services are creating new areas of attack.  


Today it is no longer just about the danger posed by criminal hackers. Anyone who stores their data with a US cloud provider must know that they are not secure from access by US authorities. This is not only a problem for a company's competitiveness - but it also violates the EU GDPR.


Regardless of the budget, which three security measures should companies implement to protect themselves against cyber-attacks?


Herrmann: First, Internet access must be secured. Because the browser is the main gateway for attackers. The easiest way to do this is with a virtual browser. This must be a fully virtualized surfing environment. This solution enables a consistent network separation. Instead of detecting malicious code, as is the case with antivirus programs, all potentially dangerous activities are isolated in this virtual browser. Malware like Emotet and ransomware then have no chance.


Second, web-based applications must be protected by special web application firewalls. Because: It is relatively easy for hackers to hack into portals protected by logins and access the database behind them. Cybercriminals gain access to large amounts of personal data in one go and can steal or delete them. Network firewalls are powerless here. A web application firewall analyzes the data exchange between clients and web servers. If certain content is classified as suspicious, access via the web application firewall is prevented.


And third, a current topic is the security of data in the cloud. Companies urgently need a data protection-compliant solution. Because the European Court of Justice recently ruled that the agreement on the protection of European data transferred to the USA - the so-called "Privacy Shield" - is invalid. Companies that use cloud services face a dilemma. Compliance with the EU GDPR in the cloud is currently only possible with a data-centric security solution. The data is decoupled from the work processes and service offers of non-European cloud providers and encrypted. This way, it can be saved anywhere.


Keyword security as a service: Should the manufacturing and process industries consider managed security services?


Herrmann: In small and medium-sized companies, there is often insufficient know-how and staff to implement up-to-date IT security. Because of the enormous dangers posed by an attack and the pitfalls caused by requirements such as the EU GDPR, it can therefore make sense to hand over IT security to external experts. Service providers also offer the option of a 24/7 emergency service. Because the attackers do not follow office hours. So if you are ready to give up control of your own IT security, MSS can be the right path to modern and professional IT security in your company.
