We are taking part in the European Cyber Security Month!

What is the ECSM? Basically this is an initiative supported by the European Commission and many other organizations like BSI to raise awareness for cyber security in the industry as well as for citizens. During the whole month of October many IT security experts contribute with presentations, special offerings and campaigns to highlight the importance of digital safety and speak about threats and trends in IT security.

We also decided to share our knowledge in the area of securing the human factor against cyber attacks and will inform about attacks on digital identities including consequences of a successful hack and give some ideas for prevention.

Ever wondered what social engineering is or how phishing works, and what's actually behind these buzzwords? How do attackers manipulate users and trick them into sharing their credentials, "opening a (digital) door" to the company network, or assisting in a fraud? We will give a basic intro to that and are looking forward to your participation!

Time: 9th of October at 11 am (CET), duration: 45 minutes

Registration: https://doubleclue.com/en/registration-ecsm/

(Of course it's completely free)


#ECSM #security #cyberattack

Key learnings from BSI's basic IT protection day

If you're into topics like ISMS, organizational risk management or certifications, check the free publications and detailed information from BSI here: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html

Here are some important take-home messages:

Your technical infrastructure might be outstandingly secure, but with millions of new attacks every day, at least a few will get through. Prevent breaches from phishing or other less elaborate attacks with solid employee awareness (e.g. how to recognize malicious mails) and establish an active risk management (e.g. run internal phishing attack simulations).

On the other side, specifically targeted attacks are comparatively rare but extremely dangerous. Before starting the actual hack, criminals collect a lot of specific information from different channels such as social media (always be aware of your company's and employees' web presence!) and use manipulative communication and spoofing to convince specific colleagues to "open the door" for them.

Make sure you set up effective control of rights, access and authentication, so that you can at least limit the damage, or prevent it altogether.

Conclusion: No matter how elaborate your tech-sec setup is – it's only as strong as the people working in it.

IT Security

Security as a Service – MSSP


Since so many companies now make good use of cloud services, we urgently need to rethink our existing security infrastructure.

By using cloud applications and remote access we "open up" our network to the whole wide internet, while older security tools often do not sufficiently account for this new online setup.

Modernizing your own IT security tool and hardware landscape seems to be the way to solve this; alternatively, an organization could opt for an MSSP: a managed security service provider who manages your IT security from the outside.

Why "outsource" IT security?
There are actually some good reasons for this (of course there might also be some against it, but it should at least be considered). One argument is the difficulty of finding and paying qualified IT security experts, compared with having an experienced, external expert team that is always aware of the latest threats and trends. Depending on the individual setup, it's also worth checking the cost effectiveness: MSSPs can provide similar services running on the same security assets for different customers at the same time, thereby achieving economies of scale.

Apart from the general decision, we should ask ourselves which parts of IT security should remain within the company. What about IAM?