In recent years, the risk of falling prey to extremely professional cybercrime has dramatically gone up. Large-scale cyber attacks on companies are no longer arbitrary operations that exploit a current vulnerability. Instead, criminals have come to choose their victims for maximum gain, with motives ranging from corporate espionage, to ransom, to sabotage. They may seek to lift business secrets such as construction or customer data, or indeed simply cause damage to their target.
Many organisations lack the experience to build effective defences against today’s highly advanced attacks, even as the threat to companies and public services is on the rise. With knowledge, trust and revenues at risk, the stakes are high. Focused attacks on critical infrastructure may even jeopardise the administration and essential supplies to whole communities. Quite often, the momentary disruption is not what causes the biggest damage. Companies suffer the most in the wake of corporate espionage or their dwindling reputation.
How can you beat hackers to the punch and keep your biggest asset – your sensitive data – out of harm’s way? Talk to our experts on cybercrime and defence and benefit from their extensive knowledge and experience, and the most cutting-edge expertise to protect your business. Learn more now!
When it comes to cyber security, we are in a race against hackers and time. Cyberattacks have become a lucrative line of business as rapid technological development unfortunately plays into the hands of cybercriminals. Stay protected from lurking threats.
The EU’s General Data Protection Regulation (GDPR) gives organisations a 72-hour window to report security incidents. At the same time, many companies in Germany lack the resources and the experience they need to brace for professionally executed cyber attacks. According to the Federal Office for Information Security (BSI), there’s a broad spectrum of common attacks: from simple hacks motivated by criminal energy, to intelligence or military operations, cyber terrorism, and economic espionage. Most of them aim to exploit infrastructure or data. However, attacks on your information security can also come from inside. This multitude of motives and players leads to a whole haze of threats that companies have to be prepared for on a number of layers. In order to protect your systems against internal and external threats, you have to take action. With Bechtle, you can be safe in the knowledge that your business secrets and customer data are out of attackers’ reach. Our experts are happy to plan, implement and manage your individual cyber defence solution.
A data protection officer, who may be an internal employee or even an external entity, makes sure that everything and everyone in your company complies with the GDPR and related policies and regulations. The GDPR requires every company that processes data as part of its business to name a data protection officer. But in many companies, finding the right person for the job is easier said than done, because they have to strictly eliminate any potential conflict of interest between this role and their usual day-to-day tasks. IT, HR or executive management staff rarely make good candidates because of the nature of their role within the company, and their proximity to sensitive data.
Many small companies hence do not have the internal structures it takes to ensure compliance on all accounts. The solution to this conundrum is an external data protection officer, who can enforce policies and assist employees when they need help. The obvious benefit of having an external data protection officer is that these are highly specialised experts who know the ins and outs of the GDPR and related issues. This can save a company significant time and money they would otherwise have to sink into training, research and consulting. Plus, an external data protection officer is never side-tracked by other tasks.
In addition to the legal cover that you may get from specialised agencies, our experts also understand the operational aspects as well as the technology behind it all, for a 360-degree solution. Benefit from our abundance of experience in IT, security and project work. Our specialists for data protection and information security are happy to help you tailor an integrated solution that is right for you.
Bechtle helps organisations establish effective defences and manage acute crises. From prevention to direct incident response, all the way to post-attack forensics, we’ll help you recover and secure your systems and analyse how attackers were able to break into your system. Cybercrime has come to paralyse businesses every day, and cases that make the press are just the tip of the iceberg. Sometimes, victims are unaware of the real damage for quite some time after an attack, and information leaks may come back to haunt them when they least expect it.
Bitkom suggests that targeted cyber attacks alone siphoned 40 bn euros off the German economy in 2017/2018. Momentary disruptions are the smallest item on the bill; it’s the consequences of corporate espionage that account for the lion’s share, with violations of patent rights, the loss of competitive advantages, and plagiarism together causing the greatest damage to German enterprises. Then there’s the erosion of reputations and negative press that’s also taking a huge toll. The direct costs associated with infrastructure downtime and the immediate damages through theft are only the third largest monetary consequence of cybercrime.
Cyber security spans a broad range of diverse threats and countermeasures. The difference between cyber security and general IT security lies in its focus on threats that stem from criminal activity, such as hacker attacks in the context of economic espionage, extortion or sabotage. Perpetrators follow their own economic interests, e.g. through organised heists with the ultimate goal to monetise company secrets or to wreak havoc on behalf of a third party. Cyber security is about minimising an organisation’s attack surface, as securing IT systems alone is not enough when it comes to cybercrime. After all, attacks may just as well come from within, e.g. in the form of blackmail or corruption. In this regard, there are many parallels between cyber security and counterintelligence.
The stakes are high when criminal economic interests collide with critical infrastructure and valuable knowledge. The BSI warns that hackers and destructive organisations, too, employ increasingly sophisticated methods for their ends. For instance, they tap into bandwidth provided by cloud services to conduct orchestrated DDoS attacks. And hackers will also increasingly use machine learning for intelligent, self-optimising attacks that can easily avoid the pattern-detecting mechanisms in traditional security solutions. In a best-case scenario, modern security information and event management (SIEM) is one step ahead of such attacks. In order to protect your systems against internal and external threats, you have to take effective action. Choose Bechtle to sleep better at night thanks to expert consultation, implementation and management of your SIEM system to keep your data safe against theft and sabotage.
A consistent security architecture is like an immune system for your corporate IT. It monitors your environment, detects anomalies, triggers alarms and automatically initiates countermeasures, and it may even self-heal and patch its own vulnerabilities to be ready for future attacks. Cyber attacks are not arbitrary actions that can be deflected with a mere firewall, or individuals trying to guess your passwords. Professional attackers go the extra mile, e.g. to steal an employee’s credentials, and they use highly advanced, self-learning systems to overcome security systems. That’s why digging a moat around your infrastructure is not enough. You need to defend against cyber threats on multiple layers.
The first layer of an organisation’s cyber defence strategy has nothing to do with technology. It’s about creating awareness among the workforce of the risks that exist. A set of policies and training should sensitise all employees to common threats and dangerous behaviour. This is because many attacks are prefaced with a social engineering campaign designed to gain knowledge for the actual strike. Cyber attacks go through a number of stages. Attackers gain access or information that will later allow them to tap databases or demand ransom.
It’s critical to enable employees to detect such attempts.
The next layer is about creating the technical prerequisites required to detect attacks as they happen. Typically, IT experts take stock of a company’s current environment to conduct a gap analysis and draft a target scenario.
With essential protections in place, you need to consider ways to detect breaches fast and prevent security incidents altogether. For most companies, outsourcing managed security services is a good choice to achieve this, including:
Using a variety of integrated systems enables organisations to secure their infrastructure top to bottom. This includes properly configured access control to make sure authorised employees can access the information and systems they need, while preventing excessive user rights. But fine-tuning configurations is also important across your network, cloud infrastructure, and every single application. Intelligent monitoring should capture everything that happens in your network and applications and on devices, detect suspicious behaviour, and alert IT managers or indeed take instant action to stop attackers dead in their tracks. Effective endpoint protection prevents uncontrolled data leaks on your client devices.
Privileged access management (PAM) is an effective way for organisations to mitigate the risks associated with credential theft and misuse of accounts. Privileged accounts are the ones with rights that exceed those of regular users, such as admins, or accounts used by non-human identities such as applications or machines. PAM spans the access rights of employees, processes and technologies and enables companies to manage, monitor, secure and evaluate every privileged identity and activity within their IT environment, dramatically increasing the security of their IT infrastructure.
Should attackers manage to infiltrate a system after all, you need an effective strategy for disaster recovery to get up and running again fast, while IT forensics help you trace the attackers’ path and understand how they got in.
And then of course you need to test your existing security infrastructure to make sure it works. One component of this layer may be security audits including gap analyses and penetration tests to see how iron-clad your infrastructure really is and uncover potential gaps.
“Identity and access management is the new roadmap on the way to the cloud”, says Thorsten Krüger, Business Manager Consulting Services, Bechtle AG.
Identity and access management therefore has a bearing on all classic security disciplines. The client is increasingly located on the internet, secured with container technology and must be suitably protected when accessing applications. At the same time, network and security architectures are fusing to become more efficient and flexible solutions à la SASE, and rigid VPN and MPLS solutions are increasingly being superseded by SD-WAN technologies. These approaches are based on the central administration of identities and the decentralised, secure access to applications and are the reason behind identity and access management gaining importance in both perimeter concepts and cloud and application security architectures. Against this backdrop, security has to be thought of holistically. A company must have complete control over its users and their permissions to access its data and applications—in local infrastructures, but especially for the cloud. The identity access management solution iam amira guarantees that administration is transparent and compliant, while automating and orchestrating target systems. The simple and intuitive user interface also makes it possible to delegate a large number of admin tasks to the business’s organisations, which in turn makes processes more efficient.
Companies are, however, making a conscious decision to continue running critical applications locally on their corporate network. Alongside internal access protection for these applications, it is essential to control the perimeter because the company’s employees and service providers need to be able to navigate transparently between local and cloud-based data and resources.
With our Cyber Defence Centre, Bechtle offers two alternative options for building your own Security Operations Centre designed to detect, track and respond to suspicious behaviour.
The traditional option is a security information and event management system (SIEM) that scans and normalises events on various customer systems, matches them against custom policies and current threat intelligence information, and triggers alarms if it finds any suspicious activity. This allows us to identify real threats and take appropriate action.
The next-gen approach adds another level of automation and a set of forensic tools to monitor networks and operating systems and detect threats in real time. Artificial intelligence enables the platform to learn from behaviours it sees and to effectively tell acceptable behaviour from potentially dangerous anomalies. This allows it to instantly contain threats and keep danger away from your assets. The technologies deployed on your endpoints and across your network are managed through a Security Administration, Orchestration and Response platform (SOAR) operated by Bechtle analysts.
In order to protect your systems against internal and external threats, you have to take effective action. Choose Bechtle to sleep better at night, with expert consultation and your own Cyber Defence Centre run by our experts round-the-clock, 365 days a year. Get in touch today and protect your sensitive data against theft and sabotage.
Isolated solutions are not what we do. Bechtle sees the big picture of cyber defence, offering our customers expert consultation, implementation and administration of effective, integrated solutions to keep your systems and data safe. Take advantage of our extensive knowledge and experience garnered from numerous successfully implemented cyber defence systems. We’re also happy to help you get on track to an effective security strategy with workshops or security audits to identify potential vulnerabilities or analyse if the solutions you may have in place are suitable to prevent or detect cyber attacks and minimise potential damage.
We’ll help you implement the best solutions and establish safe behaviours across your organisation. We’ll plan the required tools, determine data sources and interfaces, and identify any necessary resources. And of course we’ll make sure your systems are always up to date, your hardware is scaled right, and your assets are always available. For instance, we may deploy machine-learning solutions that are able to understand user and application behaviour throughout your network and detect critical anomalies. Our experts are also able to manage the tools deployed in your company to take a load off your own IT staff.
In IT, forensic experts are some of the most in-demand specialists both in investigative authorities and enterprises. For one thing, the economy is hugely threatened by cybercrime; for another, the smartphone is nowadays crucial for forensics and evidence collection in almost every crime. Find out more about the work of forensic scientists in IT.