Digital Transformation

Digital Transformation and Cybersecurity

Digital transformation and the associated (IT) change management have evolved from buzzwords into important drivers in companies. German SMEs are also catching up with these developments, albeit still hesitantly. Many entrepreneurs shy away from major upheavals in their IT landscapes. Often, they also face the question of how to drive these fields forward without the important topic of cybersecurity falling behind.

The increasing networking of all machines, as well as business processes, means that entire IT landscapes are at risk from external influences. Therefore, in addition to a digital strategy, a security strategy based on it should also be introduced in the company. This also means that the budgets for corporate IT must be adjusted. After all, a technical upgrade without security measures in the background is on shaky ground.

Here are some important tips

Dismantle isolated solutions

IT structures are usually solutions that have grown over time, expanded and supplemented whenever the respective business model required it. These isolated solutions are connected via different interfaces, sometimes well and sometimes poorly, and sometimes they simply exist side by side, so that each branch or subsidiary has its own solution. In such a landscape, not only is the application structure confusing, but the security of the systems is often rather nebulous as well. Each system must be protected separately, and if the network and security plans have not been properly documented and passed on, for example when an employee leaves, important protection and security measures may not have been properly checked and adapted.

In addition to economic reasons, the security aspect should also be reason enough for most companies to dismantle these heterogeneous, poorly networked IT landscapes and replace them with an end-to-end application and network landscape. This saves costs and resources in setting up and maintaining company networks and ensures uniformly high security standards in your company.

Do not rely on top-down communication

When describing the approach of German companies to digitization, one often encounters the terms “hesitant,” “slow” and “risk-averse.” Nevertheless, it is clear that something is happening, but also that SMEs in particular are having a hard time, especially when it comes to introducing new systems, which may also entail new processes. At the management level in particular, people are too attached to the old, which they then want to transform into the new. This does not work, particularly because the employees are not included in the process. Digital transformation and change management thrive on dialog, and especially on bottom-up communication. Yes, you read that correctly. Your employees are the key to the success of your digital transformation process.

Therefore: Take your employees with you

This means two things: learn from your employees. The younger, tech- and IT-savvy generation, in particular, wants to, and especially can, get involved. They contribute ideas. And more importantly, they will provide and implement knowledge. At the same time, it is also important to take along those employees who are rather critical of new technology and the associated change. Take their concerns seriously and address them in your IT and security concept.

But it also means that you should invest in your employees’ knowledge of cybersecurity. This applies to all employees who work in your network and access at least one of your systems or deployed applications. No matter how well your company is technically positioned in terms of cybersecurity, the biggest weak point in your security network is the human factor: phishing and social engineering attacks are becoming increasingly sophisticated. That’s why you should prepare your employees for such an emergency through training and testing. In this way, you can proactively close gaps for attackers in the best possible way.

Be proactive

Many companies, but also private individuals, still underestimate how important it is to invest in preventive security measures. As a result, the budget for digital transformation in companies is often large, but the budget for the associated security mechanisms is incomparably smaller. This “what’s going to happen to us” mentality can quickly become very expensive. Even if it doesn’t seem like it at first: investing in security upfront is much cheaper than reacting to damage that has occurred.

Have you been hacked? That means downtime, possible data loss, but even worse: loss of reputation and, in the worst case, dwindling order numbers due to late deliveries or due to your customers’ lack of trust in you and your compliance.

You see: action pays off. Reaction can therefore only be the last resort.

Your benefits from a digital transformation based on cybersecurity

Application and data security and availability

High security standards ensure that your employees always have access to the applications they need. This is the only way to ensure that business processes run smoothly. At the same time, you protect your company’s data and that of your customers. Beyond keeping operational processes running, this is also necessary to comply with legal regulations.

Best user experience, first-class compliance management, and cost-efficiency

Networked systems allow your employees to quickly and easily switch between applications with similar user interfaces. This saves a lot of time when learning new programs, but also in the daily workflow. At the same time, with such networking, these systems must be adequately protected so that they cannot be compromised. This sounds costly at first, but imagine the effort if you had to install and maintain security mechanisms at the same high level on every single application. This way, you make things easier for your IT, as well as for the end-user at the workstation. And you can deliver a higher security standard for a lower budget.

Corona vaccine

Corona vaccine data targeted by hackers

On Wednesday evening, unknown hackers managed to penetrate the system of the European Medicines Agency (EMA). In doing so, they were able to capture individual pieces of information on a Corona vaccine that is currently in the approval process. The authority is currently reviewing the approval of the vaccine developed by the Mainz-based company Biontech and the US pharmaceutical giant Pfizer. EMA has not yet disclosed exactly how many and which data are involved.

Who has an interest in data on the Corona vaccine?

It is also still unclear who is responsible for the attack. Experts suspect that secret services, for example from Russia or China, are behind the attack. However, this has not yet been proven. Nevertheless, there are indications that this was a state-initiated attack: the initial approval of an effective and low-risk Corona vaccine is more than just a prestige project for a nation; it is of great economic value. For one thing, patent sales have a direct impact on the national economy. For another, an effective vaccine can ease lockdown regulations, which additionally allows the national economy to recover more quickly.

Biontech and Pfizer emphasize that no data were stolen that would allow conclusions to be drawn about individual test subjects. EMA also announces that the incident has no impact on the further approval process.

Can such attacks be prevented in the future?

Nevertheless, the cyberattack shows how important increased IT security standards are for all organizations in a chain: Biontech and Pfizer’s IT systems are very well secured, experts say. The company emphasizes that it could not detect any activity on its systems. This shows that the hackers did not focus on the well-secured private sector systems, but on the less well-secured ones of the EU authority.

Data protection experts have previously complained, particularly for the healthcare sector, that important data is often only secure in the government’s own system. It is not advisable to assume that upstream and downstream systems meet the same security requirements. This has been proven once again by the current incident. The introduction of a uniformly high security standard in public institutions as well would therefore be beneficial.

You can read more about data protection problems in IT in the German healthcare sector here.

In this blog article, we have summarized why the healthcare sector is coming under the scrutiny of hackers, especially in times of a pandemic.

Critical Infrastructure

Critical infrastructure – Critical cybersecurity

Critical infrastructure in Germany is currently particularly at risk when it comes to cybersecurity. According to the Frankfurter Allgemeine Sonntagszeitung, 141 successful cyber attacks had been reported by the beginning of November 2020. Of these, 43 were directed at healthcare providers. Last year, the critical infrastructure report listed 121 successful attempts, and in 2018 only 62.

In addition to the healthcare sector, energy and water suppliers, banks, and insurance companies are also affected. In most cases, such incidents are so-called ransomware attacks, which result in a ransom demand for the decryption of data.

Experts cite the crisis resulting from the Corona pandemic as one of the reasons for the increased number of cyberattacks on companies in the so-called critical infrastructure. Medical institutions in particular still have an increased need for action in the area of IT and cybersecurity. At least 15 percent of IT investments should be spent on IT and cybersecurity.

In this article, we have summarized why the healthcare system is so at risk and what exactly such an investment could look like: Viruses in hospitals – Cybersecurity in the Corona pandemic

Of course, similar protection scenarios apply to critical facilities as to the health care system.

CRITIS as a worthwhile target

The advance of digitalization also opens up potential security gaps for attackers. While it was initially states that were particularly interested in overriding the security mechanisms of “enemy” states, this interest is now increasingly being observed among private groups. Securing the IT systems of CRITIS operators is not an easy task. On the one hand, these are private-sector companies of various sizes. On the other hand, the IT structures used have a long life cycle, which is why they often do not receive the necessary security updates, or do not receive them promptly. Since 2016, all operators of companies that are part of CRITIS have been required to provide security proof of their infrastructure every two years. However, considering the frequency with which malicious software is developed, it is strongly recommended that relevant security updates be carried out more frequently and that in-depth preventive measures be initiated to secure your systems.

Protecting the attack target “human” is an especially important part of a valid security concept. Often the technical security measures are strong, but they do not protect against the intervention of the (inexperienced) user. This includes successful phishing attacks, especially so-called spear-phishing campaigns, which make targeted use of social engineering techniques. We therefore recommend regular and in-depth employee training, as well as the establishment of strong multi-factor authentication rules to protect your system from the human factor in the best possible way.

Webinar

Webinar – Cybersecurity for the “human factor” in medium-sized businesses

Surely you have already encountered the terms “social engineering”, “phishing” or “CEO fraud” and you have a rough idea of the consequences of such attacks on your company. But how do hackers operate? How severe is the threat of social engineering for German SMEs? And above all: what measures should you take to increase your cybersecurity?

In our webinar, we will give you an overview of the threats so that you can make a realistic risk assessment. The focus of this webinar will be the human factor, without which cyber attacks today can hardly be performed.

We will show you typical manipulative procedures as well as simple and straightforward measures for prevention and protection. After all, it is important to act proactively to prevent a cyberattack: that saves you time, money, and nerves!

Date: 11.12.2020

Time: 11:00 AM

Place: online

Speaker: Marc Pantalone, Business Development Manager, HWS Informationssysteme GmbH

Register by writing an email to

The webinar will be in the German language.

We are looking forward to meeting you!