German SMEs have long been top targets for cyber-attacks, and with good reason. From an attacker’s point of view, the obstacles put in their path are easy to circumvent and successful attacks tend to be uncovered when it’s far too late. Another point is that the damage that can be inflicted on these businesses is comparatively big, which is illustrated, for example, by the large ransom that is demanded in the course of an attack. This means that attackers receive big pay-outs for minimal effort.
To try and counteract these developments, businesses are pouring a lot of effort into IT security. As a result, the number of manufacturers offering security solutions has grown considerably over the last few years, turning the market into an impenetrable jungle. Alongside the large, established players, there are also numerous smaller providers that stand out thanks to their innovative approaches.
All this choice often means customers cannot see the wood for the trees. It’s not enough to combine several security solutions to get the highest levels of protection. In this game of cat and mouse, the attackers will always be on the front foot and businesses have to be prepared.
It’s therefore a good idea to accept the fact that, sooner or later, our company will become the target of a successful attack. Once we’ve got to grips with that, we need to consider four additional aspects of cyber security alongside protection.
You first have to identify your company’s assets, and by that I mean information, data, processes and systems. Where are these assets? Next, risks are detected and assessed. Based on these findings, existing protection is checked and extended if required. It’s not only technical measures which are gaining in importance—raising awareness among employees and training them are also becoming more critical as phishing e-mails tend to be the first point of attack.
Another aspect is the early detection of security-relevant events, which requires relevant systems to be constantly monitored so that security breaches and anomalies can be quickly detected and assessed. Instruments that link alerts from different sources are particularly useful as they make attacks easier to understand—a very demanding task that requires a lot of knowledge and experience and should therefore be purchased as an external service.
The next challenge comes when a successful cyber-attack is detected: reacting quickly and constructively to prevent spread and minimise damage. This requires a certain level of preparation, which I know from experience is lacking in many companies, because when it comes down to it, there won’t be any time for delays. A workable emergency plan does away with unnecessary stress and ensures clarity: Who is responsible for what? Who decides if operational systems need to be removed from the network? How are external service providers involved and what agreements are in place? How is everything communicated, both internally and externally, with customers, authorities, etc.?
The final aspect concerns the recovery of data and systems. Developing, documenting and continuously updating an efficient backup and recovery process also requires some preparation. Experience gathered from regular practice can be used to update and optimise the recovery plan.
It’s critical to keep backups separate and therefore protected from malware. These days, ransomware attacks aim to compromise live data as well as the backup repository to drive up the amount of ransom demanded.
A holistic cyber security strategy should include the following five aspects: identification, protection, detection, reaction and recovery. Together, they form the Cybersecurity Framework as defined by the American National Institute of Standards and Technology (NIST). Bechtle’s comprehensive portfolio includes solutions for all five aspects, thus supporting its customers from A-Z.