Build cyber resilience with ProSec

The status report on IT security in Germany in 2022 by the Federal Office for Information Security (BSI) shows: Not least due to the Ukraine war, the threat situation in the digital space is becoming increasingly acute. This article in the Süddeutsche Zeitung (SZ) explains how companies can build cyber resilience with the services of ProSec.

Good reasons for building cyber resilience

The threat situation is intensifying

The SZ article refers to a study by the digital association Bitkom published in August 2022 to illustrate the extent of damage caused by cyber attacks: The German economy suffers damage of 203 billion euros annually from cyber attacks. Almost all of the companies surveyed were definitely (84 percent) or at least likely (9 percent) affected by such attacks. For the year 2023, the companies surveyed and in particular operators of critical infrastructures expect a further increase in hacking attacks.

The results of the study cited in the article are confirmed by the BSI's report "IT Security Situation in Germany 2022", published in October: In particular, ransomware and attacks by so-called hacktivists in connection with the Ukraine war continue to pose a growing threat to companies and public sector entities.

Cyber attacks that could have been prevented

There are numerous examples of cyber attacks on German companies and authorities. The article in the SZ mentions the attack on the satellite network provider Viasat, which is clearly related to the start of the Ukraine war. The consequences were far-reaching: On the one hand, Internet access for Viasat customers, including the Ukrainian military, was interrupted. On the other hand, there was collateral damage; for example, over 3,000 wind turbines in Germany that are remotely maintained via satellite went offline.

In contrast to many direct attacks on individual companies and municipalities, in which the human factor is often exploited as the weakest link in the chain of defense, in this case the attackers chose the technical route. They exploited a vulnerability in an update, as reported by the SZ.

Another example, from February 2022, is the hacking attacks on the mineral oil supplier Oiltanking Deutschland GmbH. The article in the SZ shows the extent of the attacks: the supplier struggled with the consequences for several days and the entire supply chain was in danger.

Both examples make it clear how important it is for all companies to build cyber resilience - regardless of whether they are located in the IT sector themselves or only use digital solutions for their work.

Legal requirements: From IT-SiG 2.0 to DiGAV

In addition to the intrinsic motivation to protect their company from hackers, legal requirements also play a role for many responsible persons. The cited article mentions the IT Security Act 2.0 (IT-SiG 2.0) and the Digital Health Applications Ordinance (DiGAV).

The IT-SiG 2.0, for example, obliges “KRITIS operators and companies in the special public interest to take comprehensive preventive measures to protect against security incidents since 2021.”

The article cites the latest change to the DiGAV from April 2022 as another example of legal requirements for certain industries. These changes oblige providers of apps in the healthcare sector to carry out penetration tests, among other things.

We have compiled further information on industry-specific requirements here:


How ProSec promotes the development of cyber resilience

In its article, the SZ refers to ProSec's services, which companies and public sector bodies can use to build up their cyber resilience. As the article makes clear, we are not limited to one industry. As one of our pentesters recently put it in a nutshell: "In the end, it's always just another computer."

Internally, we call our customers partners because close cooperation is crucial for the success of our projects. The human factor is decisive for ProSec in two respects: On the one hand, attackers use this factor as an often simple and promising gateway. That is why social engineering and physical access are part of the repertoire of our security assessments.

On the other hand, it is people who stand behind security processes and tools. We can only achieve our goal of more security in the digital (and therefore also in the real) space if we make our specialist knowledge understandable to the customer and provide support in the implementation of suitable measures.

On our website we provide information about our various services (including the option of Pentest as a Service). Every engagement begins with a free structural analysis, in which we define needs and expectations.
