Everyone who works with computers knows it by now: one wrong click at the wrong time can have fatal consequences, not only for the individual but for the entire organisation they work in. Cyber attacks on companies in Germany are currently increasing rapidly, and the attackers no longer focus only on large, globally active companies but also on smaller, medium-sized companies whose IT infrastructure is usually not yet sufficiently protected. The figures are alarming: as early as last summer, the digital association bitkom sounded the alarm and put the total damage to the German economy from data theft, espionage or sabotage at 223 billion euros per year. This corresponds to a doubling of the amount of damage compared to 2018 and 2019 (103 billion euros).
“Any investment in a company’s IT security is a good investment,” says IT security expert Thomas Gnadl, CTO at SCALTEL AG, headquartered in Waltenhofen near Kempten (Allgäu). Especially for medium-sized companies, the risk of attack is currently higher than ever. “There is still an enormous need to catch up in terms of protective mechanisms and strategies. No company should take the problem lightly. Nevertheless, many companies are overburdened with the complexity of IT security, especially because they cannot afford their own IT security department,” says Gnadl. His suggestion: If you get external help and find the right service provider, you can improve your company’s IT security in the long term and at a manageable budget.
“The in-house IT of a company can usually no longer handle the protection of the infrastructure, because it needs real IT security experts in this regard, who are not available on the market due to the shortage of skilled workers or whose personnel costs are economically unfeasible. It makes much more sense to hire a service provider specialised in IT security who concentrates on the defence against cyber attacks in day-to-day business. There, the service for professional round-the-clock monitoring in 24/7 mode is precisely defined and employee illness or fluctuation is not reflected at the expense of IT security,” says Gnadl.
Gnadl uses impressive figures from practice to illustrate how important a functioning line of defence is for companies. In its Security Operations Centre, or SOC for short, SCALTEL monitors the complete data flows of its customers.
20,000 security events per day, 24×7
“Every day we receive around 10,000 to 50,000 security-related events. Most of them are logically summarised by our security platform using artificial intelligence (AI) and threat intelligence (TI) and filtered out as harmless. About one per thousand of the events must then be analysed and manually evaluated by our security experts,” says Gnadl.
In the end, about 1 to 10 critical security incidents per month in SCALTEL’s SOC result in so-called incident response cases, in which a security group is put together and countermeasures are initiated at the customer’s premises. “And the trend is clearly increasing,” says Gnadl, who can now draw on 25 years of experience in the field of IT services and also IT security with his team.
The latest reports illustrate this trend. In May 2022, production at the tractor manufacturer Fendt, with its German headquarters in Marktoberdorf (Allgäu), was at a standstill for several days after a cyber attack on the US parent company AGCO. The 4,5000 employees in Germany could neither produce nor make phone calls. A few days later, the authorities in the neighbourhood were also affected: due to a hacker attack, the Ostallgäu district office cut off all data and e-mail traffic to the outside world.
Ransomware the biggest threat
“The number of attacks will unfortunately continue to increase. It is all the more important that companies protect themselves better than ever against them,” says Thomas Gnadl. As is well known, one of the biggest threats to companies comes from so-called ransomware. Hackers use encryption software to paralyse computer networks and then extort large sums of money to unlock them. But ransomware is only one part of the threat landscape. Phishing emails to spy on sensitive data and DDoS attacks that lead to functional restrictions are just as common as the exploitation of vulnerabilities in unpatched systems.
“Every attack can have fatal consequences for companies. It’s not just about financial damage such as ransomware. In the event of a successful cyberattack, it usually takes several weeks and months before regular operations can be resumed, as professional hackers deliberately manipulate backup systems so that they are worthless in the event of damage.”
Home office? Yes, but secure!
The majority of cyber attacks begin with social engineering, i.e. the manipulation of employees. The criminals deliberately exploit the human factor as the supposed weakest link in the security chain in order to obtain sensitive data such as passwords. In the bitkom survey of 2021, 41 percent of the companies surveyed stated that such attempts had been made recently.
Many attacks are also linked to the rapid increase in the implementation of remote and home office workplaces. “Of course, it is not enough to simply send employees home to work. It is enormously important that the devices are effectively secured and the communication channels to the company are protected. And of course: the staff must be sensitised to dangers in their own training courses (employee awareness). Anyone who does not do this is really acting negligently,” says Gnadl.
Companies are sensitised
Companies in Germany are aware of the danger posed by cyber attacks: according to the risk barometer of the insurance group Allianz, specialists and managers rate hacker attacks as the number one risk for their company. This was the result of a survey conducted by AGCS, an industrial insurer belonging to Allianz, in which 2650 professionals from 89 countries were questioned last autumn.
No wonder that security concepts and services individually tailored to companies, such as the use of SCALTEL’s Security Operations Centre, are currently booming. “We have more enquiries than ever before – and from all industries,” says Thomas Gnadl.
If the worst comes to the worst, the experts from the SOC react immediately. The corresponding processes start via an emergency management system defined in advance with the customer, whereby the IT security experts work hand in hand with the customer’s IT department.
“In the event of an emergency, it is important to make the right decisions rationally. This procedure, which has been tested in practice, is very important for the success of the defence measures,” says Gnadl.
A tip in case of suspicion
According to Thomas Gnadl, if a company suspects a cyber attack, the affected computers or servers should be immediately disconnected from the network, either by pulling the LAN cable and/or deactivating the network card and the WLAN connection. However, the computers and servers should not be shut down completely. “This way, our security analysts can better reconstruct the origin and course of the attack using temporary memory data. Only if isolation from the network cannot be achieved promptly is shutting down the affected end systems the next best solution,” explains Thomas Gnadl.