Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

symbol image cybersecurity
  • Industry News
  • Management, Awareness and Compliance

Cyber attack: Why the emergency plan is crucial

The relevance of emergency prevention is emphasized by security specialists, because after a successful attack it is usually too late. Without precautions and outside support, the consequences are often impossible to deal with, or can only be dealt with at great expense. What are the typical mistakes and how can service providers help?

Anyone who falls victim to a cyber attack has a lot to do and is all too often faced with a shambles. Those who have prepared themselves in advance come out of it better. But the same mistakes happen again and again.

Victims of a cyber attack face a second fiasco in the aftermath if no emergency precautions were taken. They run the risk of suffering a long-lasting and expensive breakdown, sometimes even bankruptcy, because the company does not manage to get back into regular operation. We name typical mistakes.

Recently, several German media houses have been victims of cyber attacks. These initially included the "Heilbronner Stimme", the Madsack Media Group and the Funke Media Group, as well as an IT service provider for the news agency dpa. Now the Rheinische Post (RP) has also joined the list of those attacked. A cyber attack on the Rheinische Post media group's in-house IT service provider CircIT was the cause. Several other publications such as the Bonner General-Anzeiger, the Aachener Nachrichten, the Saarbrücker Zeitung and the Trierischer Volksfreund were also affected.


Attack spreads far and wide: Handelsblatt also affected

Later it turned out that the successful attack had even wider implications: "The Handelsblatt is also a customer of the company and, due to the failure of the service provider, can temporarily only publish a print edition that is reduced in scope," press reports stated.

The RP Media Group called in external specialists for IT security: "Together with external security experts, the media group is now working to restore secure operations," the company told the German news agency Evangelischer Pressedienst (epd), according to There is said to have been no loss of data: "Data from users and customers was neither stolen nor compromised in any way," as the media group explained. Subsequently, work would be done in cooperation with specialised staff to restore normal operations.

Nevertheless, online editions were offline for several days or news portals were only accessible to a limited extent. Often, printed newspapers were only published as emergency editions, including the RP.


Differences in provision become visible

Soon after the attacks, differences in the effects became apparent, which indicate the effectiveness of the precautionary measures. While some only had to deal with restrictions and failures for a few days or had to work in emergency mode, others were only back to normal operation after several weeks. In a statement, a spokesperson for the RP therefore explicitly emphasised "the well-functioning emergency management".

The relevance of emergency prophylaxis is therefore increasingly emphasised by security specialists, because after a successful attack it is usually too late. Without precautions and external support, the consequences are often impossible or can only be dealt with at great expense.


Typical mistakes in emergency preparation:

  • Missing or insufficient backup copies.
  • Many companies lack contingency plans for different scenarios
  • Emergency plans have not been sufficiently tested, errors only become apparent in an emergency.
  • Underestimation of risks and threats

The least companies have sufficiently trained staff to be able to deal with extreme situations entirely on their own. However, recourse to external service providers after a loss is usually difficult unless a contract has been signed in advance with a service provider for IT security. Getting help from specialists at short notice is almost impossible, as they are usually well booked. In addition, the external experts need an overview of the company-specific IT structures. If these have to be worked out after an emergency, valuable time is lost. Larger companies know this and have usually taken appropriate precautions. However, the situation is different in small and medium-sized businesses. Many think it cannot affect them, others believe they can cope with the consequences of an attack themselves. However, they often underestimate the necessary measures, starting from possible negotiations with ransomware extortionists to cleaning up and restarting affected systems.

The German government has therefore attached great importance to emergency prevention in the recently presented national IT security strategy.


This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.