
Digital transformation requires a solid cyber security

Marc Stunz • Sept. 14, 2021


During and after my studies of business administration, I worked in different areas and companies. Most recently, I spent almost 5 years in the corporate development/strategy of a semiconductor company with a big focus on automotive applications. During my master’s studies, I mainly focused on entrepreneurship, innovation management and digital topics. That’s why I wrote my master’s thesis about digital business models. Since August this year I have been working as a consultant in the areas of cyber security and digital transformation, and to be honest, I have more questions than answers after the first weeks.

However, the questions relate less to the topics of cyber security or digital transformation and more to the careless handling of cyber security or the lack of awareness of how to deal with it properly. Especially since Covid-19, IT in companies has become more important than ever, as home offices and digital applications have increased rapidly. This is not meant to be an accusation against companies, management or owners, but I would like to briefly point out where the problem is.

In the literature and in practice, it is now quite clear that a complete IT strategy is needed to achieve the best possible output and result regarding digital issues. Of course, it’s possible to achieve an advantage in efficiency and productivity even with small transformation processes, but it is only when you have carried out the transformation across all departments and the company that you can reap the complete benefits and implement new technologies at any time. This is also underlined by an example on the topic of intelligent process automation (IPA) in Harvard Business Manager 07/2021.

It’s a similar story with cyber security. Historically, corporate IT departments have been trained to protect their network from unauthorized access. But is that enough today? At e2 Security, we believe that even a good and secure cyber security strategy should be holistic and thought through to the end. Below are 3 short examples to better explain and understand the issues:

  1. Since Covid-19, the topic of home office has become a normal everyday activity, which I also appreciate. But how secure are the mobile devices (e.g., notebook, smartphone) and the networks (e.g., home, train, café) that employees use? Since IT cannot be sure where and, above all, under what conditions employees log into a network, it should be a top priority to ensure that mobile devices (operating systems) are always up to date. This is the only way to ensure that security remains in place in potentially rather insecure network environments. If this is not the case, there may be a high risk, which can be exploited by third parties.
     Food for thought: The use of cloud platforms and multi-factor authentication (MFA) may reduce some of the risks and effort because the competence and responsibilities are with the cloud operators. In addition, you should have your system checked at regular intervals by professional cyber security companies, because “Nine out of ten companies (88 percent) were affected by attacks in 2020/2021”. And every year, the German economy suffers total damage of 223 billion euros due to theft, espionage and sabotage. This was reported by Bitkom, the industry association for the German information and telecommunications sector, on August 5, 2021 (source below).
  2. Let’s assume a company wants to implement its own online store or app. Who will maintain it? Who takes care of compliance? Are the interfaces in the payment process secure? Is the customer data transmitted securely or are the customers themselves at risk during the process? Are potential vulnerabilities regularly tested and subsequently remedied? Is there the right competence in the company for this topic? I’ve been able to learn a lot in recent weeks thanks to our own penetration testers, but I also had to realize that there are an incredible number of security vulnerabilities and that they can be hacked within minutes. And every additional digital process or service requires even greater attention because it can offer more potential points of entry for unauthorized persons.
     Food for thought: Use certified and well-supported tools from reputable vendors and have them reviewed by experts.
  3. Autonomous driving and Industry 4.0 or Smart Factory are big topics and offer enormous advantages at the same time. But here, too, the risk of vulnerability increases, because cars or machines that are online and communicate offer more attack surface for potential unwanted intruders. I’m a big fan of autonomous driving and follow the development with enthusiasm. But it shouldn’t be forgotten that there must be new security concepts for autonomous cars traveling at high speeds. And these should be co-developed with the support of cyber security experts and not exclusively by classical engineers who have so far taken care of advanced driver assistance systems (ADAS), because the requirements for security systems are becoming more complex with change and connectivity. This also applies to smart machines. Should hackers be able to penetrate them, they could stop the entire production. Particularly in the case of updates, the utmost caution is called for! Before updates are implemented, they should be checked for vulnerabilities.
     Food for thought: Be aware that the complexity of security increases with every new digital process and update, and that new expertise is needed to make the entire system secure and keep it secure.

Finally, I would like to emphasize that I don’t want to spread scare scenarios or fear here (I love digital issues), but it is important to me to raise awareness of the topic. I have noticed within a few weeks that the topic of cyber security is not addressed often and deeply enough among the general public, especially in the context of the increase in digital issues. Please deal extensively with the topic of cyber security for your own protection, but also for the protection of your customers.

Keep in mind: Digital transformation requires a solid cyber security!

 

Source

Bitkom „Angriffsziel deutsche Wirtschaft: mehr als 220 Milliarden Euro Schaden pro Jahr“: https://www.bitkom.org/Presse/Presseinformation/Angriffsziel-deutsche-Wirtschaft-mehr-als-220-Milliarden-Euro-Schaden-pro-Jahr
