The damage was 203 billion euros Economy in Germany in 2022 due to cyber attacks – this is the current conclusion Report from Schwarz Digital. Economic development must therefore also include the promotion of cyber resilience. The Westerwaldkreis Economic Development Association (wfg) also knows this. The wfg podcast “Highlights” therefore had our co-founder Immanuel Bär as a guest to support SMEs on the topic of cyber security. The conversation resulted in 3 concrete tips that every company can implement.
Cyber security often only becomes a real top priority once something has already happened.
“Actually everything is very simple and actually everything is very obvious, but not yet so present in everyday life” – this is how interview partner Katharina Schlag summarizes her perception of IT security in the professional and private environment. This also corresponds to Immanuel Bär's experiences: Cyber security only becomes a real top priority in many companies “when something has already happened”. This could be the case either directly through an acute incident in the company itself or indirectly through incidents in the supply chain. In these cases, a crisis team must be formed; it may not be possible to produce or work as usual.
Unfortunately, Immanuel Bär rarely experiences real intrinsic motivation to take care of the issue of IT security. Often it is only an incident or external regulatory circumstances that drives those responsible to call in expert teams such as ProSec. This is the case Early work on your own cyber resilience on your own initiative "economically the smartest and cheapest”, Immanuel makes clear in the conversation.
For cyber security to work, it must have a fixed place in the corporate culture and not be relegated to the back burner as a necessary evil. But another aspect is also of crucial importance, as Immanuel Bär emphasizes in the wfg podcast: If a team member has clicked on a suspicious link or accidentally disclosed data, the person must be able to report this to their superiors without fear of punishment. Conversely, superiors must react sensitively to such reports.
What can managers do now to strengthen their company's cyber resilience? This is what a wfg seminar series is about, in which Immanuel Bär also shares information and best practices from his many years of experience with ProSec:
When? Friday, 15.12.2023/XNUMX/XNUMX
Where? Hotel Deynique (Hilserberg 20, Westerburg)
Details? On website of the wfg
“User awareness” is a term that you inevitably come across again and again in connection with IT security. However, Immanuel prefers the term “Security Awareness” because it gets to the heart of the matter better and does not place blame on users across the board. Because he is fully aware of this: he himself could be hacked with the right social engineering attack at the right moment.
So how can companies create security awareness in their teams that doesn't wear out or is only processed pro forma? Immanuel formulates his solution with a laugh: “Security awareness that claps.” What do you mean with that? Immanuel explains that at Awareness, he and his team rely less on abstract lectures and more on real experiences. That's why our penetration tests often include social engineering campaigns, in which our pentesters, for example, send simulated phishing emails to the company's mailing list.
“Only when you sit in front of the computer and it really happens do you get the pulse you need to REALLY understand it,” says Immanuel, summarizing the basic idea. The employees are then not left alone with their experiences, but rather, for example, in the context of a highly individual presentation with concrete examples from the campaign, they are comprehensively informed and advised on how they can protect themselves from real attacks of this type.
One thing is clear: there can never be 2023 percent security on the Internet. Nevertheless, in XNUMX no one will have to be completely paralyzed by a cyber incident, emphasizes Immanuel Bär in the wfg podcast. The right preparation is everything: In addition to measures for greater cyber resilience, it is crucial to have a (tested) emergency plan in your pocket.
For companies that don't yet have such a contingency plan, Immanuel and the podcast hosts have some tips:
Leadership vs. Management, what exactly are the differences? And what is needed in both areas to meet the current challenges?
Should standard users in your tenant be allowed to complete an Azure App Registration? The answer is clearly “no” and this article
The bad news first: In Germany there is no central nationwide emergency number for hacked companies or authorities. That's why it is
