Industrial espionage, data theft, sabotage – cybercrime increased significantly during the COVID-19 pandemic. This development holds lessons to be learned: We share the key cyber security learnings from the pandemic that should be incorporated into network security optimization, according to Janek Maiwald, Chief Technology Officer (CTO) at DGC.
Growing cyber risks on the web
This topic has accompanied companies for years and is more relevant than ever: Cyber risks have increased rapidly in the course of the digital transformation, increasing networking and decentralized work. This is illustrated not only by the growing number of attacks from the Internet. The ways in which hackers gain access to sensitive company data are also changing at an ever faster pace. New and adapted attack methods are constantly being developed. They range from deceptively genuine-looking phishing attempts via e-mail or SMS that aim to steal user data, through targeted attacks to obtain, for example, valuable research results, to the use of malware (ransomware) to block entire supply chains or pipelines.
According to the latest situation report by the German Federal Office for Information Security (BSI), cyber attacks threaten production processes, service offerings and customers in a way that jeopardizes their very existence. Even important areas of society such as medical care or the power supply are affected. Another cause for concern is the increased risk of vulnerabilities in IT products due to constant updates and release changes as well as insufficient quality controls by software companies. One example of this is the critical vulnerability in the Microsoft Exchange server, which was identified on 98 percent of all tested systems. Microsoft closed the loopholes with a security update – after it had already been exploited for targeted attacks.
“In the area of information security, we are on red alert – at least in some areas,” BSI President Arne Schönbohm commented on the study results in a press release. “The BSI’s new situation report shows more clearly than ever: Information security is crucial for successful and sustainable digitization.” This is all the more true as the IT security situation has become more critical during the pandemic.
How the Corona pandemic is impacting the cybersecurity of companies
Hackers are systematically using the COVID-19 pandemic for their own purposes – during Corona, cybercrime as a whole increased by 600 percent. As a result, the German economy has suffered a total annual loss of 223 billion euros, reports the digital association Bitkom. In 2019, the amount of damage was only half as high at around 103 billion euros. Nine out of ten companies were affected by attacks this year and last year – once again significantly more than in 2018/2019, when three quarters of companies were victims of cyberattacks. Ransomware attacks are one of the main drivers of the huge increase: they rose by 93 percent in 2021. That means that every 14 seconds a new security incident occurs in which malware is used to extort a ransom.
“In addition to digital networking and the high number of vulnerabilities in IT products, the increased IT security threat situation can also be attributed to the home office situation,” says Janek Maiwald from DGC. “In order to maintain business operations, IT teams faced the short-term challenge of providing extensive services as well as hardware for a large number of home workers.” Due to inadequately secured company computers and a lack of security concepts and training, numerous new security vulnerabilities have emerged, allowing hackers to gain access to sensitive data.
“Further risks have arisen as a result of the hasty move to the cloud, which companies have been striving for in order to quickly scale digital services, not just since the pandemic, but increasingly as a result of it,” says Maiwald. At the same time, decision-makers should bear in mind that a cultural and technological change is taking place with the cloud migration, for which even seasoned IT employees need to be intensively prepared. “The administration of cloud systems works differently – when configuring them, all it takes is one wrong click and company data is freely accessible.”
Top 4 Cyber Security Learnings
But how exactly should companies proceed if they want to comprehensively secure their data, applications and systems? Janek Maiwald, CTO of DGC, summarizes the most important cyber security lessons learned from the pandemic that should be taken into account during optimization:
1. Take more precautions for IT security
Since the beginning of the Corona pandemic, millions of professionals have been working from home, where they are no longer automatically protected by the company's virtual IT walls. Decision-makers should take this circumstance as an opportunity to fully secure every single workstation as a precautionary measure to minimize the risk of hacker attacks.
Precautions are also recommended when using new technologies such as cloud computing. It is best for companies to think about IT security at the same time as they plan innovations such as the move to the cloud. It is also important to bear in mind that employees learn more slowly because of the complexity and that there are currently hardly any cloud experts on the market.
2. Be vigilant and increase transparency on systems and applications
Today, it is essential for companies to develop control mechanisms with which they can permanently check their own IT network. After all, it is always possible that a company has already been hacked. Those who increase transparency can identify risks at an early stage and effectively secure networks and publicly accessible systems against hackers, malware or data leaks. In an emergency, a cyber attack can be stopped before major damage occurs.
Since required security tools are sometimes difficult to interpret and constant vigilance ties up internal resources, it makes sense to cooperate with a specialized service provider such as DGC. The aim should be to monitor and defend against attacks as comprehensively and effectively as possible.
3. Provide a secure basis for the onboarding of new employees
With the ongoing pandemic, companies are still hiring new employees: It is not uncommon for new colleagues to start work at their desks at home. This requires systematic onboarding processes in which the IT department is involved at an early stage. For example, computers sent to the home office need to be secured in advance so that the user is already securely connected to the corporate network when he or she logs in for the first time.
Furthermore, it pays off to sensitize employees to risks and current hacker tactics through IT security awareness training, which concerns far more than just new employees. It is advisable to empower the entire workforce to help secure the IT security structure. The fact is: Nine out of ten attacks still start with the human factor. In this context, experts refer to social engineering.
4. Plan security measures sustainably and interdependently
IT threats and potential attacks from the network are complex and constantly changing. Therefore, companies can hardly rely on isolated individual measures to increase their own cyber security. Let’s take pentesting, for example: a security expert provides clarity about the current IT security situation by simulating cyber attacks and helps to identify and close vulnerabilities at an early stage. However, a one-off, stand-alone approach is unlikely to provide lasting security.
We advise companies to take a holistic view of IT security and secure infrastructures with combined measures. In addition to regular pentests, these include continuous vulnerability monitoring, awareness training, and incident management for emergencies.
With a tailored security package, companies are able to leverage the potential of their own digital transformation rather than being driven by risks from the network. Last but not least, an IT security strategy implemented with experts can help to obtain better conditions for cyber insurance.