Deep insight into the world of IT security – strategies for the future

"Nope, everything is quiet here” – was the IT department mistaken? Our ethical hacker and co-founder Immanuel Bär is currently sneaking through the systems and is being Business punk-author Hilmar Poganatz. He didn't even have to be so quiet. You can find insights in the article below - even more details in the full article in the Output 2024 / 05 of the magazine.

Business Punk accompanies our co-founder Immanuel during a commissioned break-in

In the latest issue of Business Punk, author Hilmar Poganatz shows how important comprehensive IT security measures are - and how frighteningly easy it can be to circumvent them. As part of a penetration test that our co-founder Immanuel carried out with a team colleague, security gaps in a large German mechanical engineering company were uncovered.

Even the (literal) entry into the company shows how much can be achieved through clever social engineering: with a smile and a laptop under his arm, Immanuel passes the reception and enters conference rooms and factory halls without any problems. Such calm approaches make it clear that (IT) security is not just a question of technology, but also of physical control and the human factor.

The way into IT systems – attacks directly on site

The article describes in a particularly impressive way how Immanuel manages to hack into the company's internal network. He goes through the factory halls into the foreman's workshop, where he can easily read passwords and install malicious scripts using a prepared USB stick, a "Rubber Ducky". This type of attack shows how much IT security can be endangered by physical vulnerabilities.

But that's not all: In the office, he comes across post-its with passwords written on them - a classic mistake that can still be found in many companies. This small carelessness can potentially cause huge damage.

At this point, at the latest, the company fell.

Immanuel on the moment when a Trojan horse in the form of a small computer is successfully connected via LAN.

ProSec co-founder Immanuel Bär

One million euros in damage – every day

A central theme of the article is the financial damage that can result from such security gaps. According to the industry association Bitkom, cyber attacks on companies in Germany cause billions of euros in damage every year. The mechanical engineering company that is tested in the report also estimates that it could suffer millions of euros in damage every day in the event of a successful attack. And such scenarios are no longer rare.

Why such "contract hacks" are crucial

The article by Business Punk clearly shows why regular penetration tests are essential. Even companies that believe they have their security measures under control are often proven wrong when an experienced penetration tester like Immanuel is at work. Many vulnerabilities are not immediately visible and only become apparent through simulated attacks. The risk posed by vulnerabilities such as missing access controls can also be assessed much more realistically by actively exploiting them.

Cooperations with media such as Business Punk help us to raise awareness of IT security. It is important that not only IT professionals, but also executives and managers understand what threats exist and how companies can protect themselves - for fewer password post-its and more real awareness.

By the way: Immanuel and Business Punk author Hilmar Poganatz left the factory premises in a company car, befitting their status - they quickly secured the key. The hacking then continued undisturbed in the hotel, thanks to the digital doors to the system that they had previously opened.

Would you like to put your IT security to the test?

Contact us if you want to know how secure your IT systems really are. Our penetration tests uncover vulnerabilities before attackers do. Contact us for a no-obligation consultation and find out how we can help you strengthen your security precautions and ward off cyber attacks.