May 2, 2023
Table of Contents After introducing 3 Broken Access Control Attacks in our first OWASP Top 10 post, we now move on to
The status report of the German Federal Office for Information Security (BSI) 2022 shows: IT security in the public sector is increasingly under threat. That is why the IT security experts at ProSec support not only companies, but also public authorities, municipalities and critical infrastructures (CRITIS) in building their cyber resilience. This article in Handelsblatt reports on how our penetration testers and IT security consultants go about this.
The IT security experts at ProSec are closely monitoring current cyber attacks on public authorities, municipalities and CRITIS. This is because the number of politically motivated hacking attacks ("hacktivism") has been increasing since the start of the Ukraine war. The high point so far was the "first digitally induced disaster in Germany," as reported by Handelsblatt: The district of Anhalt-Bitterfeld had been unable to provide services such as paying social welfare for over 200 days. In the article, our founder Tim explains: "While malicious hackers usually aim to pay a ransom, prorussian hackers are interested in a show of force, i.e. a demonstration of their own strength.
Our co-founder Immanuel has already advised numerous municipal institutions and repeatedly makes it clear that digitization and IT security in the public sector must go hand in hand: One simply cannot work without the other. After all, digitization always means interfaces, which in turn represent attack vectors for hackers.
In the Handelsblatt article, Tim and Immanuel make it clear why they are committed to more IT security in the public sector: "Attacks on the IT of public authorities ultimately always affect people." That's why we always work closely with municipalities and CRITIS, such as public utilities, to realistically assess and efficiently improve their IT security.
The collaboration is usually divided into two phases: First, a penetration test is conducted to uncover and document all of the organization's vulnerabilities. Then, our IT security consultants support you in sustainably remediating the findings.
In our penetration tests, we proceed like real attackers and therefore do not limit ourselves to technical vulnerabilities. A check of the physical security (e.g., access to the server room) is usually checked as well as the weakest link in the chain: the human factor. After all, our founders make it clear in the article: an unattended network socket is often enough for them to penetrate their customers' networks. In most cases, however, it is the "human vulnerability" that criminals exploit.
When public sector IT leaders work with experts like the penetration testers and IT security consultants at ProSec, it means more digital and real-world security for all citizens.
Table of Contents After introducing 3 Broken Access Control Attacks in our first OWASP Top 10 post, we now move on to
Interview with Christian Rosenzweig (Johner Institute) - Part 2 In the first part of our interview, we asked basic questions about
The media are currently reporting about the so-called Vulkan files. In this article we inform about the contents of these files