Hacking & Defence

Discover our ultimate guide to hacking and defence!

Learn how to protect your IT systems, proactively identify and minimise IT security risks and best arm yourself against cyber threats in the digital world.

default Stage Background
it-sa 365 | Hacking & Defence

Hacking & Defence

Discover our ultimate guide to hacking and defence!

Learn how to protect your IT systems, proactively identify and minimise IT security risks and best arm yourself against cyber threats in the digital world.

Hacking & Defence

The guide to protection and security in the digital age.

Learn effective defence strategies and hacking methods. With our comprehensive topic page, you get useful tools, resources and expert tips to strengthen your cybersecurity and successfully counter attacks.

Facts & Figures

203 billions euros in losses incurred by companies in connection with theft, industrial espionage or sabotage in 2022 Source: Bitkom
116 million in twelve months in 2022 means that an average of 317,000 new malware variants were detected per day Source: BSI
9 out of 10 companies are victims of data theft, espionage or sabotage Source: Bitkom
69% of all spam mails in the reporting period of the BSI situation report were cyber attacks such as phishing mails and mail extortions Source: BSI

IT Security Gaps - gateways for hackers

In recent years, cybercrime has developed rapidly - companies are often left behind. What are the attack vectors? How can companies protect themselves? What role does human engineering play?  

In the interview, René Rehme clarifies security gaps in companies and institutions. He also knows which strategies cyber criminals use to carry out lucrative data extortion.

Please note: The video is in German

it-sa 365 | Hacking und Abwehr Infocube

Infocube with René Rehme

Expert knowledge in lecture form

Further actions on the topic live and on demand

Would you like to stay informed about the latest findings and trends in the field of "Hacking & Defence"?
Are you looking for an opportunity to expand your expert knowledge?
IT security experts share their know-how with you in interactive live formats. Take advantage of this opportunity and ask your questions directly.
Afterwards, all presentations are available on demand. No matter if you want to watch a certain presentation again or if you want to catch up on a missed presentation.

Register as a user of it-sa 365 and get access to our extensive knowledge hub!

These are the most common hacking methods

At the latest since the Corona pandemic in 2020, the number of hacking attacks has been increasing worldwide - at large companies as well as small and medium-sized enterprises. In addition to the frequency, the variety of methods is also increasing. Here you can read about the most common hacking methods.

it-sa 365 | Hacking - Phishing


Phishing is a scam that uses fake emails or websites to steal sensitive data such as login information or bank details. These emails often have features such as impersonal salutations, suspicious sender addresses and urgent requests, and they contain links to mock websites where the data is intercepted.

it-sa 365 | Hacking - DdoS

DDoS attack

Distributed denial-of-service (DDoS) attacks take down servers of large companies such as Amazon or eBay by bombarding them with fake requests from hundreds to thousands of unprotected computers, causing slowdowns or total failures. In addition, a DDoS attack can also be used as a diversion for other malicious activities.

it-sa 365 | Hacking - Malware


The Federal Office for Information Security considers malware to be an existential threat. Malware is designed to cause damage and can be installed in systems through various methods. The threat from ransomware remains high and could increase further through the use of artificial intelligence. Find out everything you need to know about malware here.

it-sa 365 | IT Security Update

Aufzeichnung IT Security Update mit Florian Heinemann

IT Security Update - Hacked with luck

The online shop Campuspoint.de was hacked and paralysed in September 2021.

In the IT Security Update with Community Manager Merve, owner Florian Heinemann, together with Wamoco the eCommerce agency, describes why the hack was possible in the first place and why he could have been punished for it, but in the end this did not happen.

This and other recordings of the IT Security Updates are available for free to registered users of it-sa 365. Or participate directly live in our community format.

Please note: The video is in German

Good to know -

what you should know about hacking & defence

  • What tools and technologies can we use to improve our IT security?

    Only the combined use of different tools and technologies results in reliable protection. Firewalls are important components of basic protection, they prevent unauthorised access to your network. They can be hardware or software-based and monitor and control incoming and outgoing network traffic based on a set of predefined rules. An equally important basic element is malware or antivirus protection. This software helps to detect and remove malicious software (malware) from your system. It does this by scanning your files and processes for known malware signatures and behaviours. 

    An intrusion detection system (IDS) is also helpful. It is used to detect and prevent unauthorised access to your network by monitoring network traffic for signs of suspicious activity. They work host- or network-based and analyse network traffic for signs of potential security breaches. An advanced level is the SIEM (Security Information and Event Management). This tool provides real-time support in managing and analysing security events from various sources. It can provide insight into potential security threats and help you take proactive measures. 

    Data Loss Prevention (DLP) is a useful addition 

    Data loss prevention (DLP) tools provide a useful complement. These tools are designed to prevent sensitive data from leaving your organisation's network by monitoring the flow of data. This can include identifying and preventing the transfer of sensitive data via email, file sharing services or other channels. 

    Increasingly, multi-factor authentication (MFA) is becoming the standard. MFA provides an additional layer of security by requiring users to provide more than one form of authentication before gaining access to a system or application. This can be something the user knows (e.g. a password), something he or she owns (e.g. a token or smart card) or something linked to his or her person (e.g. biometrics). Encryption is also becoming more and more standard. With encryption, data is stored in such a way that even if an attacker gains access to your data, he or she cannot read it without the corresponding key or code.

  • What IT security measures should we implement to prevent unauthorised access to our systems and data?

    First and foremost are strong passwords and authentication mechanisms. Ensure that your systems require strong passwords and authentication mechanisms such as two-factor authentication or biometric verification to access sensitive data. Furthermore, limit access to sensitive data and systems to those who need it to perform their tasks. Implement role-based access controls and limit administrator privileges to authorised personnel. 

    Encrypt sensitive data both in transit and in file repositories. In the event of data theft, this reduces the risk of misuse of that data. 

    Firewall and intrusion prevention systems (IPS) also help to prevent unauthorised access and to detect and block malicious data traffic. 

    Regular updates and patches are very important. Update your systems and applications regularly to close vulnerabilities and security holes that could be used for unauthorised access. Also implement security monitoring tools and processes to detect and respond to security incidents in real time. Don't forget to train your staff. Educate your staff on the importance of IT security and show them how to recognise and respond to security threats.

  • How can we train our staff on security awareness and safe computing practices?
    There are several ways, regular training is very effective. Schedule regular trainings to inform staff about the latest security threats and best practices. These trainings can cover topics such as phishing scams, password management and data protection. Offer hands-on training as much as possible. Such training can be more effective than lectures or presentations. You can also conduct simulated phishing attacks, password cracking exercises and other hands-on activities so that employees understand the risks and know how to deal with them. Use real-life examples of security breaches to illustrate the potential consequences of poor security practices. This can help staff understand the importance of being vigilant and following security procedures. Training should be designed as a regular process, not a one-off event. Remind staff regularly about best security practices and keep them up to date on the latest threats and vulnerabilities. 

    Also provide staff with a security policy. Develop as comprehensive a security policy as possible that outlines your organisation's security procedures and expectations. Make sure staff are aware of the policy and have access to it. 

    The key to effective security awareness training is to make it engaging, relevant and ongoing. By investing in security training, you can protect your business from costly security breaches and other cyber threats.

  • What policies and procedures should we put in place for incident response and emergency management?

    Incident response and emergency and crisis management are important components of the risk management strategy that every company should have. The following planning and procedures are necessary for this: 

    An Incident Response Plan (IRP) is a documented set of procedures that describes the steps to be taken in the event of a security incident or data breach. The IRP should include incident identification and classification, the notification and escalation process, incident analysis, incident response and recovery processes. This should be complemented by a business continuity plan that outlines how an organisation will continue to operate during and after an emergency. It should include a detailed assessment of potential risks, procedures for data backup and recovery, and a communication plan to ensure that key staff are informed and able to act. It should also include the definition of relevant variables such as recovery time and maximum allowable downtime. Contingency and recovery plans should be regularly tested, reviewed and updated.

    Composition of the Incident Response Team 
    For exceptional situations, an Incident Response Team (IRT) should be established to ensure that incidents are identified and resolved quickly and efficiently. The IRT should consist of members from the IT, security, legal and management departments. Regular training and awareness-raising activities should ensure that all staff understand the incident response and disaster recovery procedures and their role in them.

  • How can we regularly monitor our systems and networks for potential threats and abnormal activity?
    Use security information and event management (SIEM) tools. This tool allows you to collect and analyse logs from various sources on your network, including servers, network devices and also applications. SIEM systems can detect suspicious activity, such as failed login attempts, unusual network traffic and unauthorised access to systems. In addition, an intrusion detection and prevention system (IDPS) can be useful. These systems can detect and prevent attacks such as malware infections, denial-of-service (DoS) attacks and SQL injections. IDPS can also issue alerts when suspicious activity is detected.

    Endpoint Protection and Response (EDR) is state of the art 
    Endpoint Protection and Response (EDR) such as antivirus and anti-malware software protects your systems from viruses and other malware. It is part of the standard equipment in IT security. Conduct regular vulnerability scans. Vulnerabilities such as outdated software, unsecured ports and weak passwords can be detected by this. Supplement this with tools to scan for published vulnerabilities to automate this process. Also regularly test your systems and networks for vulnerabilities by simulating attacks. Use penetration testing tools to identify vulnerabilities and improve your security posture. 

    Keep an eye on user activity, including login attempts, file accesses and system changes. Use user activity monitoring tools to detect anomalous activity, such as unauthorised access to sensitive data. But be mindful of data protection, otherwise this will quickly become an own goal.
  • How can we keep our software and systems up to date?
    To ensure that your software and systems are up to date with the latest security patches and updates, you can follow these best practices: 

    Keep yourself informed about the latest vulnerabilities and threats by regularly checking security advisories from reliable sources such as the German Federal Office for Information Security (BSI) or the international Common Vulnerabilities and Exposures (CVE) database, as well as from manufacturers. Install updates and patches promptly as soon as they are available. Most software manufacturers regularly release security updates and patches to close known vulnerabilities. So make sure you check for and apply these updates regularly. 

    Enable automatic updates for your software and operating systems to ensure that important security updates are installed as soon as they become available. Prioritise updates according to the severity of vulnerabilities and the potential impact on your systems and data. Test updates in a non-production environment before deploying them to ensure they do not cause problems with your existing systems and applications.

    Also think about vulnerability scanners and patch management tools. 
    Using automated tools such as vulnerability scanners and patch management tools can be helpful in identifying vulnerabilities and applying patches to multiple systems. Monitor your systems regularly for signs of unusual activity or security breaches and follow up on suspicious activity immediately. 

    Educate your team on the importance of software and system updates and make sure they understand the potential risks associated with using outdated software and how security patches and reduces the risk of security issues and protects your organisation's data and assets.

How do you protect yourself from hacking attacks?

To be protected from hackers in the digital world, it takes an interplay of different factors. Here we present all the common protective measures.

it-sa 365 | Hacking - Firewall


A firewall is a widely used protective measure against cyber attacks that checks incoming and outgoing data packets and sounds an alarm if it detects unusual activity. It can protect individual computers or entire corporate IT environments, with user-specific control over which data packets are allowed through. Components of a firewall can be packet filters, URL filters, content filters and a proxy function; in addition, it can have a VPN (Virtual Private Network) that encrypts the network connection and protects it from attacks.

it-sa 365 | Hacking - Antivirus

Antivirus Software

Antivirus software is a jack of all trades: it scans the entire system for different types of malware and detects harmful files based on known patterns. Advanced programmes use behavioural analysis for real-time monitoring and proactive threat detection, automatically isolate detected malicious files and can then disinfect or remove them.

it-sa 365 | Hacking - VPN

Virtual Private Network (VPN)

A Virtual Private Network (VPN) that uses advanced encryption technologies is crucial for protecting sensitive data and security on the Internet. By creating a 'tunnel' between the end device and the internet, where only the IP address of the VPN server is visible, users can protect their identity and location. This is why VPNs are considered standard in companies to secure the internet connection.

it-sa 365 | Hacking - Training

Employee training

Cyber criminals often use the "human factor": they then use social engineering to get employees to pass on data. Training can educate employees about these dangers and prepare them to recognise and avoid such attacks. In addition, they should be educated about best password practices, as weak passwords are a significant vulnerability in cybersecurity.

it-sa 365 | Hacking - Security guidelines

Security guidelines

IT security policies, also known as Information Security Management Systems (ISMS), set clear standards for the secure handling of IT systems and data in an organisation, including password and Bring Your Own Device (BYOD) policies. An important component is the access and authorisation policy, which regulates access to systems and data and ensures that only authorised persons have access to sensitive information. A comprehensive security concept also includes policies on mobile device security, data backup and internet use, which can be tailored to the specific company by experts.

it-sa 365 | Hacking - Notfallplanung

Emergency plans

In the event of a cyber-attack, a prepared incident response plan is essential that defines responsibilities and procedures for responding to security incidents, including identification, assessment, mitigation and recovery. A communication plan for internal and external corporate communication as well as a reliable backup arrangement are also important parts of the emergency strategy.

Top tools/providers for hacking attacks

1. Intrusion Detection System (IDS): An IDS monitors network traffic and analyses it for suspicious activity or anomalies. It detects potential attacks and notifies the security team to take appropriate action.

2. Firewall: A firewall is a basic security solution that monitors and controls traffic between an internal network and external networks. It blocks unwanted access from the outside and protects against known threats.

3. Antivirus Software: Antivirus software is designed to detect and block malicious software such as viruses, Trojans and malware. It scans files, emails and downloads for malicious code and provides real-time protection against known threats.

4. Security Information and Event Management (SIEM): SIEM tools capture and analyse security events and logs in real time. They aggregate data from multiple sources, identify anomalies or suspicious patterns, and enable effective monitoring of security incidents.

5. Penetration Testing Tools: Penetration testing tools are used by organisations to test their own systems and networks for vulnerabilities. These tools mimic attacks to identify potential vulnerabilities and verify the effectiveness of security measures.


You are not yet a registered user of it-sa 365?

The it-sa 365 platform is available to you as a digital HOME OF IT SECURITY all year round. As a registered participant, you can use the platform free of charge and have the opportunity to network with experts and enter into direct dialogue 365 days a year. You can participate in the IT Security Talks and other events & actions at it-sa 365 free of charge. We will also keep you up to date with news about our digital programme and the it-sa Expo&Congress on site in Nuremberg.

We look forward to you joining the it-sa 365 community!