Digital defense: How companies can protect themselves from cyber threats


In the age of digitization, we are always and everywhere connected. Companies are also using digitization — for example, to automate their processes and work efficiently. But what happens when you become a victim of a hacker attack and how can you protect yourself from it? Here we explain how important cybersecurity is for companies and what needs to be considered.

It was one of the biggest data leaks in recent years. In 2017, hackers gained access to data from the US credit agency Equifax and stole over 143 million consumer records. The leak attracted a great deal of attention in the USA in particular; after all, 44 percent of the US population had just become victims. “We have more work to do and we will do that,” promised former Equifax CEO Rick Smith.

This example is just one from the recent past. The threat of hacker attacks poses an ever-increasing risk. For a company to avoid becoming the victim of a data leak itself, and risking both financial damage and a loss of reputation, it is essential to establish a comprehensive cybersecurity strategy. But what does the term “cybersecurity” actually cover?

Cybersecurity aims to protect computer systems, networks, data, and any digital information from unauthorized access by using specialized technologies, strategies, practices, and policies. In addition, there are the following protection goals in information security, which form the basis for a suitable cybersecurity strategy: confidentiality, availability and integrity. A comprehensive strategy includes the analysis of risks and protection goals and the derivation of appropriate measures.

In the crossfire of hackers

In recent years, the threat to companies has increased many times over. Increasing digital networking and dependence on digital business processes and online platforms create a large attack surface. In addition, companies are becoming increasingly lucrative targets for attackers because they store large amounts of data. Technological progress is also making cyber attacks ever more complex and dangerous. Companies are exposed to a permanent, real threat, as automated malicious programs search for weaknesses in systems and infrastructures every second. But there are other dangers lurking.

So-called “advanced persistent threats” (APTs) consist of complex, targeted and effective attacks on IT infrastructures and confidential data. Particularly lucrative companies become victims of such attacks, as the attacks require a great deal of effort and are therefore usually targeted. There are two different approaches: On the one hand, such an attack can spread very aggressively and paralyze a company's entire infrastructure. On the other hand, the attacker can act very subtly to remain undetected for as long as possible. There are various ways to achieve these goals.

One type of threat is malware. This term covers various types of malicious software, such as viruses, spyware, Trojans, worms, etc. Employees themselves play a central role in this. In fact, malware usually spreads through carelessness and manipulation. Fake emails, websites, etc. are designed to give a reputable impression and lull victims into a false sense of security. This so-called “phishing” can have fatal consequences, as corporate systems can be infected by any kind of malware. If “ransomware” penetrates the system, it can cause massive damage. This malware encrypts all data, making access impossible. The attackers then blackmail companies and demand a ransom so that the data can be decrypted again. While the systems are blocked, operations are virtually impossible and entire business areas come to a standstill. A victim from the recent past is the Danish container shipping company Maersk. Infected accounting software meant that more than 45,000 client PCs and 4,000 servers had to be reinstalled. During these 10 days, all logistics came to a standstill. The total damage is estimated at around 300 million euros.

“Phishing” is a form of “social engineering”: hackers try to obtain sensitive data by manipulating employees. Attackers also, for example, call suitable people in the company and pretend to be colleagues in order to obtain information. Especially at large corporations, not all colleagues know each other personally, so attackers often have an easy time here. Through various psychological tricks, they try to gain the trust of the other person and thus get the victim to take the desired action, whether it's resetting passwords, giving out confidential information, or even making bank transfers. According to the Data Breach Investigations Report by Verizon, 74% of security breaches in 2023 were made possible by successful social engineering attacks or other human weaknesses.

If the software on computers and laptops is not up to date, this also creates an attack surface. Missing security updates leave security gaps in applications open and create entry points for attackers.

Passwords are another important aspect that most users consider trivial. These are often not strong enough and do not adequately protect accounts. Automated programs can thus quickly crack accounts and gain access to sensitive data.

If companies use cloud providers, there are further risks. For example, if a company is affected by a DDoS attack and hosts its data with a cloud service that works with multi-tenant environments, other companies that share the physical hardware with the affected company may also be affected. In addition, the cloud provider itself is responsible for security. As a customer, your influence is very limited. Should the cloud provider be directly affected by a hacker attack, the data of individual companies is also at risk.

As different as the forms of attack may be, they all involve financial damage, loss of reputation and, where appropriate, legal consequences. It is therefore important to develop and implement appropriate security strategies.

What can be done to improve security?

Firewalls and so-called intrusion detection systems (IDS) are critical to protect internal networks. This is the only way to detect, report, and block unusual network activity before unauthorized access can be gained. In addition, efficient update and patch management is essential to keep the software used in the company up to date and to close potential security gaps. Investing in spam filtering services is also critical to ensure that employees are not tempted to click on harmful attachments or links in emails and to minimize the risk of phishing attacks. A password manager and randomly generated, strong passwords also provide improved protection.

To ensure that data is not irrevocably deleted or encrypted even in the event of a successful attack, it is extremely important to regularly store full backups on external servers so that the data can be restored. The most important point in the cybersecurity strategy is employee training and awareness, as a majority of attacks are the result of human error. With the help of regular training and awareness sessions, employees get an understanding of how... and keep this risk more in mind.

In general, penetration tests are also a suitable method for verifying existing security measures. For example, specialized companies can be tasked with carrying out DDoS attacks, sending “fake” emails or calling employees in person and trying to obtain information from the company. The evaluation of the tests provides information on how well the strategies implemented so far are working and where there is a need for optimization.

As methods, both technologically and on a human level, are constantly evolving, it is important to keep an eye on these trends and to analyse and optimize your own cybersecurity strategy as needed.

Also legally relevant

In addition to the financial and reputational damage that a data leak can cause, there is also the risk of legal consequences. The General Data Protection Regulation (GDPR) states in Article 5(1)(f) that companies must ensure an appropriate level of security for personal data in order to protect the data from accidental destruction or damage. If companies do not comply and cause damage as a result, they may face significant fines, claims for damages and even criminal prosecution.

Always on guard

A well-thought-out and comprehensive cybersecurity strategy is essential to protect yourself from potential attacks in the best possible way. This requires a holistic strategy that sufficiently covers both technical and human aspects. The strategy should be regularly evaluated and, if necessary, adjusted in order to be able to optimally counter the risks.

Press contact
Feel free to contact me

Dr. Moritz Liebeknecht
IP Dynamics GmbH
Billstraße 103
D-20539 Hamburg