Cyber risks – three acute gateways into your company
The risks of Industry 4.0 are challenging medium-sized companies. Find out here about the measures you should take.
Cybercrime is the downside of digitisation. According to the latest calculations by Investitionsbank des Landes Brandenburg, cybercrime costs the German economy around €46 billion each year. British insurance company Lloyds estimates that damage to the global economy totals €400 billion. European Cyber Security Month (ECSM) was launched by the European Union in 2012 in response to the growing threat from cybercrime and is now held each year in October. For an entire month, the focus is placed on content related to cyber security and various campaigns are carried out by co-operation partners from administration, academia and business. During this year’s ECSM, Bundesdruckerei presents three current risk trends that your company faces. Be it staff, malware or the use of mobile terminal devices, the challenges for IT security are enormous.
Risk trend No. 1: Employees
According to Bitkom, the biggest threat facing companies comes from their own ranks, i.e. their staff. This was found in a survey of companies affected by industrial espionage, sabotage and data theft. But the focus is not only on deliberately criminal acts. It is often a case of carelessness and a lack of knowledge on the part of employees when working with new technologies. Greater mobility, both in private and working life, means that employees are not always within the borders of a trusted network. In cases like these, applications and devices are then directly connected to the Internet or a cloud. This makes them susceptible to targeted attacks, especially since this kind of equipment is not always sufficiently protected.
There is also a risk of IT and communication devices, such as notebooks, smart phones or tablets, getting lost or stolen. German companies have also reported rising levels of social engineering. It is often easier for cybercriminals to turn to employees to search for security gaps rather than attacking a well-secured network directly. They do this by calling employees using a false identity and requesting passwords and other information. Personalised phishing e-mails are used for this purpose too. All it takes is for one person to click the link in the e-mail and the hacker has access to the company network.
Risk trend No. 2: Botnets
The Federal Office for Information Security (BSI) painted a bleak picture in its 2015 Report on the State of IT Security in Germany: 439 million malicious program versions are currently in circulation world-wide and the number is rising. In its most recent 'Threat Report', the security experts from McAfee Labs, a highly renowned Intel research institute, spoke of 316 new threats a minute. Of the many different types of malware in circulation, so-called botnets are the most widespread variant. 'Bot' stands for robot and 'net' for network. In this case, countless computers that have been infected with viruses and trojans work together to attack company networks or web servers with malware and spam. Each of ten largest botnets has an infrastructure made up of millions of infected machines. Together, they were responsible for around 300 million spam mails sent in the second quarter of 2016.
The Locky e-mail campaign was sent via a famous botnet named Necurs. Locky is ransomware that encrypts cloud memory and harddisks and only releases them after a ransom is paid. This ransomware has temporarily crippled public agencies, companies and hospitals. Criminals even offer botnets like these for rent. In the two years before being captured in September 2016, the Israeli operators of the vDOS website earned their money by supplying their customers with botnets for Distributed-Denial-of-Service attacks (DDoS). This form of attack uses an infected computer network to send huge amounts of queries to a server, forcing it to go offline temporarily.
Risk trend No. 3: Mobile terminal devices
Trojans, viruses or spyware – this kind of malicious software belongs to the conventional arsenal of tools used by cybercriminals and therefore to the everyday challenges facing IT security at companies. But when it comes to iPhones, Windows or Android smart phones, many users do not even think about data risks. But this is a matter that should not be taken lightly. Mobile terminal devices are increasingly being used simultaneously for both work and private purposes, often as part of BYOD concepts. But there is a lack of thorough and sufficient security precautions, such as anti-virus software.
McAfee Labs estimates that there are almost eleven million threats for mobile devices. In the second quarter of 2016 alone, two million new malicious programs were identified. Compared to the previous year, this is an increase of more than 150 percent. This rapid development is due to the global increase in the number of mobile phones with Internet capability. With their e-mail programs, camera function and apps, these devices are a bountiful source of personal and sensitive data. Thanks to data flat rates, they are connected to the Internet 24/7, and often even outside the company's protected network. This, however, makes it easier for attackers to use Bluetooth or NFC (Near Field Communication) interfaces to launch their attacks. At the same time, apps installed by employees themselves are increasingly becoming attractive targets for hackers. That's because app stores are overrun with spyware disguised as applications that intercept the user's data.
Equipped to face cyber risks
Trends show that the digital revolution is posing a growing number of risks to companies. Employees and technical infrastructures need to be comprehensively protected. Cyber risks have to be counteracted by a clever cyber strategy and suitable measures. ECSM uses a diverse programme to address how infrastructures and communication channels can be effectively protected and which general security precautions must be taken. An overview of this year’s events in Germany and other information about ECSM can be found at: www.bsi.bund.de/ecsm.