In the current geopolitical situation, alarming developments are causing unease in many companies. What security measures should they take in response to a changed threat situation and what should German SMEs expect?
- Despite current threats from geopolitical aggressions, the ongoing threat of organized cybercrime must not be neglected.
- Attacks in the context of warlike escalation can cause unintended side effects, so-called spillover effects.
- Smaller companies have often not implemented basic cyber security measures and are therefore particularly vulnerable.
Microsoft recently analyzed the effects of the Ukraine war in cyberspace. The study comes to the conclusion that in addition to the USA also European states are exposed to additional cyber attacks. According to the study, Russian intelligence services have intensified their attempts to penetrate government and corporate networks. Current media reports confirm the threat: Recently, it became known that suspected Russian attackers were planning cyber attacks on around 150 companies, mainly electricity and water suppliers.
The Vice President of the German Federal Intelligence Service BND, Wolfgang Wien, warned during the Potsdam Conference on National Cyber Security: "We must be aware: Russia is in our networks, China is in our networks". He added: "Let us please assume that this is prepared, we must assume that there is more prepared".
The impact of such news is not lost: Many companies ask themselves whether additional security measures are necessary and what they should look like. In particular small and medium-sized enterprises (SMEs) often find themselves helpless in the face of security requirements. We therefore asked three leading experts for their assessment and recommendations.
Why it is important to protect company now
Holger Berens, Chairman of the Board at the German Association for Critical Infrastructure Protection (BSKI), advises not to lose sight of the dangers posed by attacks from the field of organized cybercrime despite the tense security situation:
Despite the seriousness of the situation, there is currently no increased danger of targeted Russian cyber attacks on companies. The attackers are focusing on gathering information from public institutions in order to find out what sanctions and measures are being taken against Russia. Another aim is the infiltration and disruption of our system by means of attacks on critical infrastructures. However, organized crime remains the greatest threat, especially for German SMEs. This has become an economic sector that can be economically booked by any criminal without much effort via franchising on the darknet. SMEs should find out which business processes are essential to them and protect them as a priority. A specific, tailor-made ISMS is necessary. Intrusion detection systems, zero trust and regular vulnerability analyzes as well as corresponding awareness measures are also part of a resilient system.
In her contribution, Simran Mann, security policy officer at the German Information and Telecommunications Industry Association (Bitkom), also points out the dangers of spillover effects, which can affect companies that are not the actual target of an attack through unintended side effects:
The Russian war of aggression also has an impact on German cyberspace. Although German companies have so far not been systematically attacked, this is becoming more likely as the war continues. This also becomes clear through so-called "spillover effects", such as the attack on the Ka-Sat 9A satellite. Therefore, it is once again important to take digital protection measures to heart and to secure one's own infrastructures. This means, carrying out security updates and creating back-ups. In addition, clear responsibilities should be defined for the security area. The following applies: cyber security is a matter for the boss. The management level must establish the priority of IT security. It is also important to raise employees awareness and educate them about dangers. Every company also needs an emergency plan that defines the procedure in case of an incident. It should include emergency contacts, reporting obligations and prepared crisis communication.
Manuel Bach heads the cyber security unit for small and medium-sized enterprises (SMEs) at the Federal Office for Information Security (BSI). He emphasizes that many smaller companies in Germany expose themselves to unnecessary dangers because they have not implemented basic cyber security measures:
The Ukraine war does not make a big difference for Germany's SMEs in terms of cyber security. But it is still a problem that many companies in Germany have not implemented basic cyber security measures. Therefore, their systems can be infected by automated methods with simple means. For these companies, spying or deletion of company and customer data by ransomware groups still poses the greatest danger. Yet most of these attacks can already be averted through basic cyber security measures: Regularly applying updates, disabling macros in file attachments and downloaded files, using 2-factor authentication and a good data backup concept. If a company is not well versed in information technology - which is often the case - it should commission a qualified service provider to operate and protect its own IT.
Basic security measures remain elementary
The lack of destructive attacks so far is no reason for the experts to sound the all-clear. Dangers arise especially when companies neglect protective measures, the experts agree. Regular updates should be just as standard as regular reliable data backups. In addition, 2-factor authentication, intrusion detection systems and regular vulnerability analyzes are important. Preparation for possible emergencies, for example in the form of emergency plans, must not be neglected.
It has to be reminded again and again that cyber security is a matter for the boss. The management level is called upon. If necessary attention is lacking, technicians and admins will have a hard time implementing security measures to adequately secure the company.
