With coordinated tools and innovative technologies, companies are currently taking action against cyber risks and thus protecting their IT infrastructures from potential threats. But is this enough, and where are there still gaps along the entire IT supply chain, such as the software supply chain?
The German Federal Office for Information Security (BSI) regularly informs German companies about the risks of hacker attacks and provides valuable tips for improving IT security. However, it is not only hacker attacks with financial objectives that should be taken seriously. Disinformation campaigns such as the current one in the conflict between Russia and Ukraine can shift national borders, hit critical infrastructures and be used for possible manipulation.
Via the BSI, companies and providers of critical infrastructure in this country receive various recommendations to arm themselves more strongly against hacker attacks. There are basic security mechanisms suitable for both private individuals and companies, including two-factor authentication, for example. But to protect against cyberattacks, government agencies, institutions and military target systems must do more.
With full attention and the utmost vigilance, these five tips can minimize the risks and impact to businesses.
1) It’s all about full security awareness and evaluating existing risks. Employee training and regular password changes that are enforced by technical means support this awareness. New internal IT standards should be communicated internally, just like current hacker attacks, so that measures can be derived from them if necessary.
2) Security updates strengthen the existing protective measures in existing operating systems and software. The prompt installation of these updates contributes significantly to increased protection. A company’s backup strategy strengthens this framework, and, in combination with multi-factor authentication, all relevant company data is protected.
3) If you think it only affects the big players, you’re wrong! Increasingly, small and medium-sized businesses are becoming the focus of criminals because they know full well that they often lack modern technology and an understanding of global cyberattacks. Even though more than half of the companies have already increased their budget for Internet security, according to a study by eco – Verband der Internetwirtschaft e.V. (Association of the Internet Industry), there are still plenty of vulnerabilities and gaps.
Especially as an operator of non-critical infrastructures and smart products, you have to ask yourself whether you have done everything to prevent someone from penetrating the next level via their networks. Because in the end, that’s also a way into critical infrastructures that need special protection, just in a roundabout way.
4) When you think of data theft, do you think of passwords and e-mails? Of course, stolen passwords and e-mails can cause much damage and enable lucrative transactions for criminals. But data theft in the age of digitalization is about control over mobile devices in the Internet of Things or development-sensitive know-how. In addition to ransomware, the lucrative extortion Trojan, website hacking and data theft are also highly prized by criminals. Therefore, companies must ensure that access from outside is not possible for unauthorized third parties, even outside critical infrastructures.
5) Innovative business models such as smart infrastructure are still relatively young, so their protection mechanisms are not yet as mature as those of established technologies. Just as the Internet of Things is still developing, security requirements for smart structures still need to be formulated, and in some cases standards have yet to be found.
Companies and municipalities have a mandate to add appropriate data governance to their cross-segment data ecosystem architecture and, in the process, to critically question the existing database landscape. For example, attacking mobility platforms, electric utility networks or healthcare facilities would have momentous consequences.
Academia, industry and government must work together to standardize and improve cybersecurity at all levels. Companies can learn about current threat situations from the BSI and adapt their processes to new work models such as the home office. However, training, clear rules of conduct and an emergency plan are often lacking. The necessary technical equipment must also be in place to successfully face the increasing threat of cyber attacks.
About the Author Stefanie Herrnberger
Stefanie is Head of Sales and Marketing at asvin and an experienced leader with extensive know-how in the field of digitization, IoT and Industry 4.0. Stefanie takes care of scaling marketing and sales activities to achieve asvin’s goal of becoming the leading provider of software supply chain security in the IoT.