Increased risk of governmental cyber attacks on German companies
Our information security expert Michael Kirsch reports: When I started working more intensively on IT systems and IoT 10 years ago, state-sponsored cyberattacks were considered very unlikely. The effort and resources involved in such attacks were considered too high – as in the case of Stuxnet, for example.
Currently, there are reports in the news about possible cyberattacks, even cyberwar. The Anonymous hacker group is declaring cyberwar on Russia, and Russia’s Ghostwriter hacker group is attacking critical infrastructure in Western countries (as reported by “Der Spiegel”).
This drastically increases the risk of companies being targeted by state-sponsored cyberattacks. However, when this happens, companies usually do not know whether a state-sponsored cyberattack occurred, when it occurred, where it originated, who was involved, or why they were targeted in the first place.
DDoS as a distraction for spying attacks
One way to attack companies is through so-called DDoS attacks. Companies, organizations and government agencies around the world are forced to defend against approximately 2.8 billion DDoS attacks.
A DDoS attack is a “distributed” denial of service (DoS) attack that can be described as a type of service or system shutdown. This occurs when a requested service is no longer available or only available to a very limited extent. In many cases, a DDoS is triggered by an artificially induced overload of the IT infrastructure.
In addition, DDoS attacks are used by hackers to disguise APT (Advanced Persistent Threat) attacks and inject malware into the corporate network without being noticed. APTs are complex, targeted and effective offensives based on various attack vectors. They are often only discovered after months or years, if at all, and aim to allow hackers to remain unnoticed in the corporate network as long as possible.
The most important actions that companies need to initiate
- Implementation of a cybersecurity culture within the company
- The implementation and operation of an information security management system (ISMS)
- Employee training on relevant topics
- Increasing information security within the supply chain and among its suppliers
With increasing digitization, these measures for better information security extend to the entire value chain. It is no longer just the company’s own business that needs to be considered. Companies need to take a closer look at their value chain to be better protected.
ISEGRIM X®: Creating Information Security & Digital Trust
You don’t want to face the challenge of implementing an ISMS alone? We would be pleased to explain to you in a non-binding conversation how we can support you on your way to a certified Information Security Management System.
We, at ISEGRIM X, support companies in implementing and operating an ISMS in accordance with the most common standards and requirements – such as TISAX® or ISO 27001. With the help of certifications such as the TISAX® label, your company enjoys a widely accepted information security standard.
With our NORM X solution, we have developed a cost-effective and highly efficient way for small to medium-sized enterprises to establish and operate an ISMS. At the same time, it establishes a basis for your company to obtain relevant certifications.
Contribute to lasting and proven information security and design your digitization process in a safe way!