Key learning from BSI´s basic IT protection day

When you´re into topics like ISMS, organizational risk mgt. or certifications check the free publications and detailed information from BSI here: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html

Here´s some important take home messages:

Your technical infrastructure might be outstandingly secure, though there are millions of new attacks every day so that at least a few might come through. Prevent breaches from phishing or other less elaborated attacks with a solid employee awareness (e.g. how to recognize malicious mails) and create a vivid risk management (e.g. create internal phishing attack simulations).

On the other side, specificly targeted attacks are comparably rare but extremely dangerous. Before starting the actual hack, criminals collect many specific information on different channels such as social media (always be aware of your company´s and employees´ web presence!) and use manipulative communication and spoofing to convince specific colleagues to “open the door” for them.

Make sure you set up an effective control of rights, access and authentication so at least you could retain some control on the damage or prevent it at all.

Conclusion: No matter how elaborated your tech-sec setup is – it´s just as strong as the people working in it.

Security reminder for every “new homeoffice” organization

At the beginning of the pandemic priorities were immediately redefined. For the majority of companies it was the most important concern to make homeoffice possible in order to maintain productivity and keep the business alive. Once this huge project was realized many of us jumped back to overdue business projects and forgot about a very important matter that accompanies the new work environment – it´s own IT security needs.

At home we use our personal network (and in some cases even personal equipment / “BYOD”) that is hardly protected, making it quite easy for attackers to intrude the company network through this weakpoint.

According to many cyber experts and research, the biggest risk still is the human factor and this is why most cyber attacks aim at our digital identities, stealing passwords and manipulate us with social engineering techniques.

Covid-19 accelerated digitalization and new work structures for many organizations all over the planet. We now must not forget to take care of our digital safety in rapidly grown remote work structures.

What is your experience – did your network adapt to “new work”´s security needs?
Cyber Security

As per reports from Hiscox Cyber Readiness, 33% of SMEs were victims of a (known) cyber attack last year.

As per reports from Hiscox Cyber Readiness, 33% of SMEs were victims of a (known) cyber attack last year.

Ole Sviederding – Underwriting Manager Cyber at Hiscox – says according to DATAKONTEXT GmbH (https://lnkd.in/dFMGA2V): “SMEs are particularly attractive targets for hackers, as they are generally worse protected against cyber risks than large companies”.

While in large companies departments or staff units are created to secure the IT infrastructure, in SMEs the IT administrator is responsible for the IT security of the entire company in addition to his or her actual activities.

The economic damage in the case of a successful cyber attack quickly runs into the six-digit range. Often, action is only taken after a successful attack on the infrastructure – and thus too late.

Avoid the risk of a cyber attack and implement the latest IT security solutions such as multi-factor authentication or IAM systems.

Stunning FACT: Did you know, that not every hacker wears a hoody or a mask during his hack?

IT security: public cloud can become a gateway for companies

As more and more companies move to hybrid (or even cloud) infrastructure, they need to be aware of security lacks. Many organizations have a workload in the public cloud, containing credentials, passwords or API-keys. Attackers there have a good chance finding a first point of entry to your company.

Even more critical is the fact, that 25% of the companies do not use multifactor authentication for their superadmin cloud-accounts. Nowadays it is very easy for hackers getting their credentials to cause a huge damage in the companies infrastructure.

Be aware that moving to cloud without any security components such as MFA or IAM-Tools could cause massive damages and costs by getting hacked or any other cyber attack. Just remember to have a good security environment around giving intruders no chance to have access to your data.

#cloud #MFA #IAM