During and after my studies of business administration I worked in different areas and companies. Most recently, almost 5 years in the corporate development/strategy of a semiconductor company with a big focus on automotive applications. During my master’s studies, I mainly focused on entrepreneurship, innovation management and digital topics. That’s why I wrote my master’s thesis about digital business models. Since August this year I’ve been working as a consultant in the areas of cyber security and digital transformation and, to be honest, I have more questions than answers after the first weeks.
However, the questions relate less to the topics of cyber security or digital transformation and more to the careless handling of cyber security or the lack of awareness of how to deal with it properly. Especially since Covid-19, IT in companies has become more important than ever, as home offices and digital applications have increased rapidly. This is not meant to be an accusation against companies, management or owners, but I would like to briefly point out where the problem is.
In the literature and in practice, it is now quite clear that a complete IT strategy is needed to achieve the best possible output and result regarding digital issues. Of course, it’s possible to achieve an advantage in efficiency and productivity even with small transformation processes, but it is only when you have carried out the transformation across all departments and the company that you can reap the complete benefits and implement new technologies at any time. This is also underlined by an example on the topic of intelligent process automation (IPA) in Harvard Business Manager 07/2021.
It’s a similar story with cyber security. Historically, corporate IT departments have been trained to protect their network from unauthorized access. But is that enough today? At e2 Security, we believe that even a good and secure cyber security strategy should be holistic and thought through to the end. Below are 3 short examples to better explain and understand the issues:
- Since Covid-19, the topic of home office has become a normal everyday activity, which I also appreciate. But how secure are the mobile devices (e.g., notebook, smartphone) and the networks (e.g., home, train, café) that employees use? Since IT cannot be sure where and, above all, under what conditions employees log into a network, it should be a top priority to ensure that mobile devices (operating systems) are always up to date. This is the only way to ensure that security remains in place in potentially rather insecure network environments. If this is not the case, there may be a high risk, which can be exploited by third parties. Food for thought: The use of cloud platforms and multi-factor authentication (MFA) may reduce some of the risks and effort because the competence and responsibilities are with the cloud operators. In addition, you should have your system checked at regular intervals by professional cyber security companies, because “Nine out of ten companies (88 percent) were affected by attacks in 2020/2021.” And every year, the German economy suffers total damage of 223 billion euro due to theft, espionage and sabotage. This was reported by Bitkom, the industry association for the German information and telecommunications sector, on August 5, 2021 (source below).
- Let’s assume a company wants to implement its own online store or app. Who will maintain it? Who takes care of compliance? Are the interfaces in the payment process secure? Is the customer data transmitted securely or are the customers themselves at risk during the process? Are potential vulnerabilities regularly tested and subsequently remedied? Is there the right competence in the company for this topic? I’ve been able to learn a lot in recent weeks thanks to our own penetration testers, but I also had to realize that there are an incredible number of security vulnerabilities and that they can be hacked within minutes. And every additional digital process or service requires even greater attention because it can offer more potential points of entry for unauthorized persons. Food for thought: Use certified and well-supported tools from reputable vendors and have them reviewed by experts.
- Autonomous driving and Industry 4.0 or Smart Factory are a big topic and offer enormous advantages at the same time. But here, too, the risk of vulnerability increases, because cars or machines that are online and communicate offer more attack surface for potential unwanted intruders. I’m a big fan of autonomous driving and follow the development with enthusiasm. But it shouldn’t be forgotten that there must be new security concepts for autonomous cars traveling at high speeds. And these should be co-developed with the support of cyber security experts and not exclusively by classical engineers who have so far taken care of advanced driver assistance systems (ADAS). Because the requirements for security systems are becoming more complex with change and connectivity. This also applies to smart machines. Should hackers be able to penetrate them, they could stop the entire production. Particularly in the case of updates, the utmost caution is called for! Before updates are implemented, they should be checked for vulnerabilities. Food for thought: Be aware that the complexity of security increases with every new digital process and update, and that new expertise is needed to make the entire system secure and keep it secure.
Finally, I would like to emphasize that I don’t want to spread scare scenarios or fear here (I love digital issues), but it is important to me to raise awareness of the topic. Because I noticed in a few weeks that the topic of cyber security is not addressed often and deeply enough in the broad mass and especially in the context of the increase in digital issues. Please deal extensively with the topic of cyber security for your own protection, but also for the protection of your customers.
Keep in mind: Digital transformation requires solid cyber security!
Bitkom „Angriffsziel deutsche Wirtschaft: mehr als 220 Milliarden Euro Schaden pro Jahr“: https://www.bitkom.org/Presse/Presseinformation/Angriffsziel-deutsche-Wirtschaft-mehr-als-220-Milliarden-Euro-Schaden-pro-Jahr