IT security only works if everyone participates: business, politics, teaching and consumers. That's why the School-Business Campus event of the SCHULEWIRTSCHAFT network in Rottweil on January 30, 2023 was exactly the right setting for our co-founder Immanuel Bär to provide information about IT security in 2023. Among other things, he explained what hacking has to do with bicycle tubes.
If you don't have anything to do with IT yourself, you probably only know hackers from movies and the news. Most people have probably never heard of “ethical hackers”, i.e. those who hack with good intentions and according to moral and ethical rules. Immanuel Bär therefore illustrated what his work as a penetration tester looks like on the School-Business campus.
…holding the bicycle tube under water to find out where it is bubbling.
Penetration testers differ from ethical hackers in that they work exclusively on behalf of the companies or organizations being hacked. The scope of a penetration test is also precisely defined in advance. Immanuel explains the purpose of such a test visually: Testing the IT security of a network with a pen test means “holding the inner tube under water to find out where it’s bubbling.”
Immanuel used a real example to illustrate how exactly he and the ProSec team proceed with such a penetration test: During a simulated hacking attack on a pharmacy, our pentesters used a phishing email to gain access to user data. They were finally able to view sensitive data such as prescriptions, customer data and salaries via the pharmacy's printer.
(We have compiled further information about our experience with pharmacy pentests here: “Check us out!” – Europe’s first pharmacy pentest)
“[E]ntertaining”, “impressive and, above all, understandable” and “with a really good message” – this is how the event participants perceived Immanuel’s lecture, according to the article linked above. In addition to clear examples, this is certainly also thanks to his “real talk” credo. What many people probably didn't realize beforehand, for example, is that, from a purely rational perspective, cybercrime is, above all, an extremely lucrative business model. Immanuel made it clear in Rottweil that the revenue from cybercrime exceeded even the global drug market.
In order to counteract this, the most important thing (in addition to technical and organizational security measures) is to raise awareness among all people behind the screens: those responsible in companies, organizations and politics must proactively address the issue of IT security. Users must be aware of the dangers – even in their everyday lives – and react to suspicious messages or links “with common sense and a sense of proportion”. If private individuals, politics, business and, last but not least, education work together on greater security awareness and cyber resilience, there is no reason for fear or concern despite the booming cybercrime business.
Finally, Immanuel sent his audience on the School-Business campus off with a positive message: “In 2023, no one will have to suffer a fatal cyber attack!” Simply let “good” hackers test you as part of a pen test before the bad ones do. Then you will know exactly what weak points your IT has and how you can close them.