To defend themselves against data theft, sabotage, and blackmailing, enterprises and public institutions are relying on awareness raising, skill development, and the clout of IT manufacturers and service providers. For a comprehensive, strategic view of the topic in enterprises, it is important to broaden the view, and this needs management's involvement. This means that a technical necessity—that was often unpopular in the past—has blossomed into a central factor for future enterprise sustainability.
The figures speak for themselves: 123456 remains the most popular password with IT users in Germany. The top ten also features ten other weak and insecure number combinations—as compiled by the Hasso-Plattner-Institut (HPI) from leaked login data. Every month there are some 30 million cases of identity theft, in which passwords and usernames are stolen by cyber criminals, announced HPI Director Professor Christoph Meinel in May at the Potsdam Conference for National Cyber Security. The aspect of identity protection is one of many key points of a topic that is becoming an ever more burning issue in these times of digitalisation.
From phishing and blackmail with ransomware, to website attacks, the darknet and crime-as-a-service, it’s clear to see that cybercrime is expanding in its methods and scope. No stone of the enterprise is left unturned. The German Federal Criminal Police Office (BKA) recorded exactly 87,106 cases in 2018. The estimated financial damage—some 61 million euros. “These are only the cases that are reported,” said BKA President Holger Münch at this year’s cyber security conference in Potsdam. The number of unknown cases must be huge with the BKA estimating it at some 90%. Attackers are also increasingly targeting particularly critical infrastructure, referred to as KRITIS.
So much for the crime side of things. What about the defence? To defend themselves against data theft, sabotage, and blackmailing, enterprises and public institutions are relying on awareness raising, skill development, and the clout of IT manufacturers and service providers. Technologies and measures come into play that are often grouped under the umbrella of cyber resilience or simply resilience.
The majority of manufacturers are based outside of Europe, an imbalance that is also reflected in investment behaviour. According to the digital association, Bitkom, 4.1 billion euros were spent on IT security hardware, software, and services in 2018 alone. And this figure keeps growing. This is as much as the US defence ministry’s annual budget for cyber security.
Bechtle offers IT Security solutions in the following areas:
The big picture counts.
“SMEs are facing an increasing number of threat scenarios against a background of serious challenges,” says Christian Grusemann, Security Business Manager at Bechtle. Stable business operation, protection of expertise and reputation, and not least, use of the latest technologies are all crucial in order to rise above the competition. “While large enterprises have the resources to build security solutions according to best-of-breed approaches and recruit qualified employees to operate them, the majority of SMEs face the daunting task of investing the right amount in suitable infrastructures and security workers.” For a comprehensive, strategic view of the topic in enterprises, it is therefore important to broaden the view, and this needs management's involvement. This means that a technical necessity—that was often unpopular in the past—has blossomed into a central factor for future enterprise sustainability. “This involves legal requirements and reporting obligations as well as the resulting process of bringing technical and organisational security into harmony with one another,” Christian Grusemann explains.
A question of law and order.
Against a backdrop of intensive cyber-attacks, IT security is a highly topical issue for those operating critical infrastructures, for example. If the thresholds for identifying critical infrastructures under the German Critical Infrastructures Ordinance (BSI-Kritisverordnung) are reached or exceeded, companies are obligated to prove that their IT infrastructures are protected in compliance with the Ordinance. This applies to organisations in the energy, IT and telecommunications, transport and traffic, health, water, nutrition, and finance and insurance sectors. The German Critical Infrastructures Ordinance implements the German IT security act IT-SiG, which has been in force since 2015. Its aim is to increase the security of information technology systems and contribute to the protection of critical infrastructures in Germany. The IT Security Act obliges affected organisations to adhere to a defined minimum level of IT security.
In addition, on 25 May 2018, the GDPR came into effect. This governs the handling of personal data by private enterprises and public sector entities at an EU level. It aims to ensure both the protection of data within the European Union and free data movement within the European domestic market. To organise handling of sensitive data in larger enterprises, comprehensive measures are needed at both technological and organisational levels. “In the past, data protection and IT security were often viewed as two separate topics. Today, the topics merge into one another and are legally considered as one,” explains Heiner Golombek, Head of the Data Protection and Data Security Competence Centre in Bechtle’s Neckarsulm IT System House.
In addition to the IT-SiG and GDPR, there are also other regulations such as the Law on Control and Transparency in Business (KonTraG) and standards for information security management systems (ISMS) such as ISO 27001, which all have to be implemented as part of companies’ organisational management structures. Bechtle supports its customers by realising holistic solutions to fulfil legal requirements. “As an external provider, we help detect and close any gaps in your data protection and IT security,” says Heiner Golombek. “This is where our self-developed Security Awareness Program—available in two languages—comes into play. It contains training components that build on one another, and measurably raises awareness in employees.”
Mission for the IT boffs.
With more than 200 IT security specialists working in eight dedicated Competence Centres and twelve other teams, Bechtle is an important partner for many customers when it comes to security. As a leading IT system house, Bechtle has a wide range of vendor partners covering everything from Application Security and Infrastructure Protection to tailored Managed Security Services. “This is where our comprehensive end-to-end security solution comes in—no matter whether you operate Industry 4.0, a classic IT infrastructure, a cloud solution or networked mobile working,” says Business Manager Christian Grusemann.
Bechtle also develops in-house services, keeps a constant eye on the market, and builds its portfolio in a targeted way with solution providers that know how to meet the needs of SMEs. “In our opinion, this requires security concepts that allow SMEs to boost their level of network security. This means using mainly products that ‘talk’ to each other, automatically close vulnerabilities in the network, or block attacks originating from the infrastructure and quarantine files containing malicious code and infected clients. Here, open interfaces like REST APIs or entire proprietary security fabrics can be used. The benefit for the IT department is fewer complex manual interventions and more time for business-oriented tasks,” says Golo Königshoff, Head of Network & Security at Bechtle IT System House Hannover.
This touches on another important point—availability of security experts. Even if enterprises want to invest in expanding their personnel, specialists in this field are hard to come by and the public authorities are competing with companies in the fields of economy and science for them. “The number of people training to be IT and cybercrime experts at universities and other higher education institutions has started to grow. However, Germany does not have enough capacity to cover the current and future need,” Christian Grusemann warns. “By relieving our customers of operational responsibility of their security infrastructures, we are making an important contribution to their sustainable future.”
To further develop the Bechtle Security crack team in all relevant topics and strengthen the exchange of experiences, all experts met for an internal special event in March at the headquarters in Neckarsulm. The main insight gained from the meeting is similar to that of the latest cyber-security conference in Potsdam, namely that the key is to work together.
SAVE THE DATE.
Bechtle will be exhibiting at the it-sa, Europe’s largest IT Security trade fair, from 8 to 10 October 2019 in Nuremberg. Come and say hello at stand 11.0-716 in hall 11.0.
Published on Sep 2, 2019.