The “Hillary” case illustrates the problem
During the US presidential elections in November 2016, the Democratic candidate Hillary Clinton had to contend with one serious error: during her time as US Secretary of State, she had used a private email server for both her private and professional email correspondence “out of convenience” – a striking security risk which opened the doors to unauthorized use of data. What happened here is also one of the biggest weaknesses for companies in terms of security: emails carrying masses of malware, uncontrolled internet access, and human error are still the biggest security risks in the digital world. In addition, more and more people are using tablets and smartphones for work – but 17 percent of smartphones used in SMEs are still unsecured (DsIN SicherheitsMonitor 2016 Mittelstand. IT-Sicherheitslage in Deutschland. 2016, p.13).
With digitization, the interlinking and interaction of systems, machines, business areas, back office, service providers, suppliers, crowd services and, not least, customers is taking on a new dimension. It’s clear that this complexity also comes with new security risks. Many companies are seeing the opportunities which digitization brings with it for increased productivity, efficiency and customer retention. But they often still overlook the increased threat posed by digital attackers and security flaws.
IT specialists can act as important advisers for management and employees, and as adept strategists who maintain an overview in order to develop comprehensive, company-wide security strategies.
A danger foreseen, danger averted
According to the study “Digitalisierung und IT-Sicherheit” by the Bundesdruckerei in collaboration with KANTAR EMNID, the need to improve technical IT security measures was recognized by 43 percent of companies, while 39 percent identified a need for improved organizational measures and 32 percent wanted to improve personnel IT security measures (Bundesdruckerei GmbH in collaboration with KANTAR EMNID, Studie Digitalisierung und IT-Sicherheit in Deutschen Unternehmen, 2017, p.5).
Nevertheless, the industry is caught in a dilemma: digital transformation is progressing at a breath-taking pace worldwide and you don’t want to be left behind. That’s why companies sometimes go along with the latest technology without being adequately prepared for serious emergencies, such as a cyber-attack.
A loss of customer confidence is the price to pay for disastrous security breaches
The issue of security is thus pushed into the background in favor of faster digitization – potentially with disastrous consequences. If, for example, customer data ends up in the wrong hands – as has already happened on a large scale at T-Online, the gaming portal Valve or Facebook – this causes irreparable damage to customer relationships, which can threaten the existence of small and medium-sized companies.
Over 50 percent of companies affected
But the dangers arising from unsecured processes and IT weaknesses are even more diverse:
- Manipulation of data of all kinds
- Sabotage and manipulation of business processes or IT systems
- Theft of development know-how
- Theft of financial data
- Spying on electronic communications
According to the digital association BITKOM, 51 percent of companies were affected by industrial espionage, sabotage or data theft in 2014/2015 – mostly medium-sized companies with 100 to 499 employees (BITKOM study report Spionage, Sabotage und Datendiebstahl – Wirtschaftsschutz im digitalen Zeitalter, Berlin 2015).
It can happen to any company, public authority or municipal institution, such as energy providers or public transport companies. The security company Sophos demonstrated the danger at CeBIT 2015 with a test set-up: just 15 minutes after the start, more than 700 attacks had been registered on the control system. At DEF CON 2016, hackers identified 47 critical security flaws in 23 IoT devices. In 2015, the Cyber-Security Council Germany estimated the annual damage caused by cyber-attacks to be around 50 billion euros – there are no precise figures as many companies do not report incidents.
The more complex the infrastructure, the more varied the dangers
External attacks are above all facilitated by internal weaknesses. These include:
- the pursuit of profit taking priority over security, and a lack of investment in modern software and services
- understaffed IT departments with increasingly complex tasks
- shortage of staff competent in the area of IT security
- management and staff lacking an awareness of the risks
- traditional, poorly secured communication processes with authorities, suppliers, and customers are maintained for convenience
- a huge number of events to be supervised, in which an attacker can slip through the net unnoticed
What can IT managers do?
- It is generally recommended to try and adopt the perspective of an attacker, in order to gain an insight into their intentions and methods. This makes it easier to identify critical weaknesses and plug security holes.
- It is important to develop a company-wide, efficient overall strategy for IT security. This needs to effectively protect against risks, but without significantly impacting the performance of IT infrastructure. In a nutshell: IT security must not become a bottleneck.
- As an IT specialist, you are in the ideal position to raise awareness around the subject of IT security among management and staff.
- Make IT structures leaner and masses of data more manageable. This is often simple and effective with professional, certified cloud solutions.
- Continuously monitor and, above all, secure the interfaces between machines and equipment, and to external parties (cloud, branches, subsidiaries, warehouse, suppliers, customers...). Or choose a provider offering this as part of the service package.
- Assign access rights carefully. Make sure that solutions purchased externally, such as cloud services for data storage and exchange, allow for this.
- Develop compliance regulations for the area of security and ensure these are adhered to.
- Ensure basic protection through regular software updates, virus scans, firewalls, continuous monitoring of the overall IT system (weaknesses, cyber-attacks), and effective encryption methods.