New Federal Agency to strengthen cyber security in Germany


The Ministries of the Interior and Defence have founded the “Agency for Innovation in Cyber Security”, located in the Halle/Leipzig area. The aim of the merger is not to carry out or fend off cyberattacks themselves, but rather to generate an overview of scientific developments in the field of cyber security.

Minister of Defense Annegret Kramp-Karrenbauer (CDU) speaks of a “milestone in the protection of our IT systems”.

The institution has an interest in interacting with the best minds in the federal government. For this purpose, Christoph Igel, its first director of research, wants to work with the 360 universities in Germany.

The right way to fight cybercrime?

#ITsecurity

Hackers gain access to the systems of various Swiss universities

Attackers gained access to the universities’ networks by sending targeted phishing mails and were thus able to divert six-digit sums in salary payments. The e-mails asked university employees to enter their access data, which enabled the attackers to change the recipient accounts for salary payments.

According to “Sonntagszeitung”, the University of Basel and the University of Zurich are among the universities affected. Both were able to detect the attacks early on and thus kept the damage caused very low.

A successful attack is often only recognized after 200 days. During these 200 days, the attackers already have access to all systems and data and can cause huge damage.

Protect your IT infrastructure with a sophisticated security strategy! This ranges from introducing training that makes employees aware of cyber attacks to implementing complex solutions and tools like ISMS, IAM or multi-factor authentication.

We are taking part in the European Cyber Security Month!

What is the ECSM? Basically, this is an initiative supported by the European Commission and many other organizations like BSI to raise awareness of cyber security in industry as well as among citizens. During the whole month of October, many IT security experts contribute presentations, special offerings and campaigns to highlight the importance of digital safety and speak about threats and trends in IT security.

We have also decided to share our knowledge about securing the human factor against cyber attacks. We will talk about attacks on digital identities, including the consequences of a successful hack, and give some ideas for prevention.

Ever wondered what social engineering is, how phishing works and what's actually behind these buzzwords? How do attackers manipulate users and trick them into sharing their credentials, “opening a (digital) door” to the company network or assisting in a fraud? We will give a basic intro to that and are looking forward to your participation!

Time: 9th of October at 11 am (CET), duration: 45 minutes

Registration: https://doubleclue.com/en/registration-ecsm/

(Of course it's completely free)

#ECSM #security #cyberattack

Key learning from BSI's basic IT protection day

If you're into topics like ISMS, organizational risk management or certifications, check the free publications and detailed information from BSI here: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html

Here are some important take-home messages:

Your technical infrastructure might be outstandingly secure, but there are millions of new attacks every day, so at least a few might get through. Prevent breaches from phishing or other less elaborate attacks with solid employee awareness (e.g. how to recognize malicious mails) and establish active risk management (e.g. run internal phishing attack simulations).

On the other hand, specifically targeted attacks are comparatively rare but extremely dangerous. Before starting the actual hack, criminals collect a lot of specific information through different channels such as social media (always be aware of your company's and employees' web presence!) and use manipulative communication and spoofing to convince specific colleagues to “open the door” for them.

Make sure you set up effective control of rights, access and authentication so that you can at least retain some control over the damage or prevent it altogether.

Conclusion: No matter how elaborate your tech-sec setup is – it's only as strong as the people working in it.


Security as a Service – MSSP


Since an incredible number of companies make good use of cloud services, we quickly need to rethink our existing security infrastructure.

By using cloud applications and remote access, we “open up” our network to the whole wide internet world, while older security tools often do not sufficiently account for the new online setup.

Modernizing your own IT security tool and hardware landscape seems to be the way to solve this; alternatively, an organization could opt for an MSSP: a managed security service provider who manages your IT security from the outside.

Why “outsource” IT security?

Actually, there are some good reasons for this (of course there might also be some against it, but it should at least be considered). One argument is the difficulty of finding and paying qualified IT security experts, compared with having an experienced external team of experts who are always aware of the latest threats and trends. Depending on the individual setup, it's also worth checking the cost effectiveness: MSSPs can provide similar services running on the same security assets for different customers at the same time, thereby achieving economies of scale.

Apart from the general decision, we should ask ourselves which parts of IT security should remain within the company. What about IAM?