Advertisement: Representatives of the authorities BKA and BSI sat down at a virtual table with experts from the non-profit association G4C and the security provider Link11 to talk about the influence of Covid-19 on digitization and IT security.
The Covid-19
pandemic has proven to be a powerful impetus for digital transformation. Due
to the increased use of Internet applications and consistent home office
strategies, the attack surface for cybercriminals is growing. For
example, they try to use the location for their own purposes with the
successful Corona phishing trigger or malicious overload attacks.
Pandemic Is the Perfect Breeding Ground for Online Fraud
Corona is an
enormous stress factor for nationwide IT security in business and society. Sandra
Häberer from the Federal Office for Information Security (BSI) also confirms
this. Häberer, who deals with the creation of IT security situation
reports have been observing the changed and significantly more intensive user
behavior in private and business life and the resulting development of cyber
attacks for several weeks.
"In In this particular situation, companies are at a financial infrastructural limit
in terms of security measures, which means that cyber attacks are a higher the corporate risk right now," said Häberer. Information from the BKA
underlines this assessment. According to Heiko Löhr, who in the newly
established Cybercrime Department of the BKA has insight into the digital
threat situation, the pandemic with its social and economic consequences
creates additional opportunities for cybercriminals.
It is
striking how quickly the perpetrators adapted their methods and attacks to the
current situation. In times of personal uncertainty and economic hardship,
the attacker's fake help via e-mails or fake websites or lure them with alleged
offers of information to finally get too personal data or sensitive
company information.
According to
Löhr, "Corona with all its effects is the ideal raw material to carry out
social engineering and phishing crimes on this basis". Peter-Michael
Kossow can also report on fake bank websites and e-mails requesting
verification of customer data. The managing director of the "German
Competence Center against Cyber Crime (G4C)", which operates across
industries, is also familiar with the threat situation, especially in the
banking and finance sector. Attempts to access customer data or manipulate
transfers are, according to G4C, not only aimed at private individuals, but
also at the accounting employees of companies who work from home.
The Home Office Becomes a Target
Cyber
criminals are taking advantage of the current crisis and are specifically
targeting home office structures. Marc Wilczek, who runs the business at IT security provider Link11, knows
that many companies have switched to the home office in whole or in part over the
past few weeks.
When
employees stay at home across the board and dial into their usual work
environment via a VPN server, the company's IT faces new challenges. Reports
from IT infrastructure operators such as DE-CIX or telecommunications providers
such as Vodafone have been reporting increased data traffic around the globe
since March. In times when the data load is already high, even the
smallest attacks are enough to shut down companies and their home office plans.
Against this
background, Wilczek has been reporting since mid-February 2020 of a renaissance
in DDoS attacks aimed at willful overload. In addition to traditional
botnets made up of infected servers and PCs, attackers now increasingly have
access to hijacked cloud infrastructures and IoT devices. For companies
that depend heavily on a digital business model, this means a security
nightmare even without Corona.
KRITIS Operators in The Crosshairs
More and
more companies are relocating their business models online. Whether media,
finance, or online retailers - every minute of downtime costs money and can
damage your reputation. In the current context, availability and
accessibility are even more important than usual for numerous system-critical
industries: energy and drinking water supply, information and communication
technology, healthcare, and the food sector. All of those industries are
particularly vulnerable to cyber extortion. In particular, attacks on the
health sector increased, which caused great uncertainty. Delivery service
providers also recorded increased attack activities in times of lockdown and
voluntary self-isolation.
Cybersecurity in Times of Covid-19
The attacks
often have one common denominator: They exploit people as the weakest link in
IT security. Most employees, unless they are at home in the IT
environment, lack knowledge and awareness of the many forms of cybercrime and
the methods used by the perpetrators. Since the attacks often take place
in waves with large time intervals, Kessow demands that permanent awareness-raising and continuous training within the company be ensured. Central
cybercrime contact points of the state criminal police offices and the BKA
offer information on prevention as well as trustworthy and, if necessary,
confidential cooperation in the event of damage. Institutions such as the
Cyber Academy offers training on all aspects of IT security and data
protection.
Early
warning systems, as operated by the G4C as a platform for exchange between
companies, can represent a further integral component. The BSI provides
numerous checklists and current information for citizens to ensure secure
private Internet use. The BKA and BSI also point out how important it is
to report incidents quickly and to file criminal charges to gain time
for securing evidence and clarifying the matter.
Key Technologies for Safeguarding Digitization
However, in the opinion of
the experts, raising awareness of the current risk situation is only one of
three aspects that ensure maximum IT security. It is just as important to
scrutinize the IT processes and procedures in a targeted manner and to
establish effective defense solutions. Given real-time interaction
and availability and the associated huge amounts of data, security should
increasingly be viewed from the perspective of automation, reports Wilczek from
daily protection practice.
When time becomes a
critical commodity, algorithms can guarantee the necessary speed for the
detection of attacks and their defense - around the clock and within a few
seconds. At the same time, the risk of human error is minimized. It
will still be up to people to classify the attacks and to derive measures from
them.
The majority of large
German companies are already consistently on the ball when it comes to IT
security and classify the safeguarding of digital business operations as a
management task. Many medium-sized companies, on the other hand, lack the
resources for technology and personnel. The exchange of information
between companies via platforms such as the G4C or the use of support services
by the authorities could be the first step towards a more secure corporate
future.
Whether a Dax 30 group or a small family business - digitization has come to stay. The pandemic has massively accelerated the transformation and its unwanted side effects. Wherever business or communication processes are digitally transformed, cybercrime is not far away. The panel of experts is certain: 2020 is and will remain an eventful year in IT security.
Grab the opportunity of free antivirus software with all advanced premium features.
Comments
Post a Comment