
Our co-founder Immanuel was a guest at Radio Bonn/ Rhein-Sieg and answered questions about "Security on the Internet" from the presenter team Nico Jansen and Jasmin Lenz and their listeners. Being a friend of practical examples, he put the radio station's IT security to the test before he even reached the recording room.
If you were invited as a professional hacker to an interview at Radio Bonn/ Rhein-Sieg, you would also visit the server room first before the recording room, wouldn't you? Our co-founder is a friend of practical examples and put his hosts to the test twice:
Could an attacker stand unsupervised in the radio station's server room and wreak havoc there? And how secure are the presenters themselves?
Could a hacker, for example, get at the contact list on a presenter's smartphone and use it to impersonate them or their contacts?
You can hear how the staff at Radio Bonn reacted to the unannounced test in this recording of the interview:
Immanuel is committed to security in the digital space not only in his role as a professional hacker (the official term is penetration tester). He also sits on the digital advisory board of his hometown of Koblenz, for example, as he reports in conversation. Among other things, he is helping to ensure that the increasing digitization and networking of public infrastructures (keyword "smart city") includes security aspects.
In his view, Germany is in a good position when it comes to cyber security: with the Federal Office for Information Security (BSI), for example, there is a body that explicitly deals with digital security issues in Germany. For so-called critical infrastructures (CRITIS, German KRITIS), there are legal requirements regarding their resilience, and these also cover IT security. This is an advantage over countries that have no such rules, says Immanuel.
On the topic of business, Immanuel turns the tables and has a question for the presenters: in what share of customer networks do they think our team has managed to break in since the company was founded in 2016? Nico Jansen is off the mark with his estimate of "something like 50 percent already." In fact, our penetration testers have so far been able to penetrate every single customer's network.
How can this be? Immanuel identifies two main reasons for the weaknesses that exist in companies. The first comes before any technical decision: the thought "Who would want to hack us?" Many companies believe they are too small or too insignificant to be targeted. This is a fallacy, because many attacks are not aimed at a specific company at all but are spread widely, hitting whatever is reachable and vulnerable.
The second follows from the first: because of this false assumption, essential detection measures (monitoring) are never introduced, so an intrusion goes unnoticed. A particularly easy target is a company website built without any regard for IT security. One thing is clear: "Good hackers are lazy" and therefore always look for the easiest way in.
If a company has established solid protective measures, it is quite possible that even the ethical hackers at ProSec will fail at first. Then the principle of "try harder" applies. If in doubt, the penetration testers gain physical access on site, disguised as service providers (or, like Immanuel at Radio Bonn/Rhein-Sieg, simply with a network cable in hand). There is always a way in, as our intrusion rate shows.
Here you can once again hear Immanuel personally explain his view of IT security in government and business - and what the "website Friedolin around the corner" has to do with it:
For Immanuel, the question of how to achieve greater security on the Internet in everyday life starts with a basic awareness of how digital every individual has become: from cars, which are now more computers than motor vehicles, through smart refrigerators and voice assistants, to accounts at countless online stores. This list makes clear how many attack vectors each of us has in the digital space, because every digital interface is a potential point of attack, as Immanuel stresses.
If, as a first step, we become aware that our robot vacuum cleaner has, for example, a web server, a GPS module and a camera, we can work in a second step on increasing our security without giving up the convenience of digitization.
Awareness of potential vulnerabilities is a good start, but of course it won't make you any safer on its own. With these 4 simple measures, you can already increase your digital security enormously:
Immanuel explains: almost no one can reliably remember a large number of complex passwords. And even if you can, out of convenience you probably reuse the same password, or variations of it, in several places. If one of your passwords ends up in the hands of attackers through a data leak and they can link it to you, they will have an easy time with your other accounts. The solution is simple and convenient: a password manager lets you create an individual, strong password for every account. It hardly matters whether you install a dedicated app or use the password manager built into your devices' operating system. Anything is better than "Sommer123"!
Updates may seem as annoying as the requirements for good passwords, but they are essential for the security of your devices and networks. Updates do not just extend functions or improve usability; they often close known security gaps. What can happen if you ignore updates for too long? The global ransomware wave of February 2023 (known as ESXiArgs) is one example: it exploited a vulnerability in VMware ESXi servers for which a patch had already been available since February 2021.
Two-factor authentication is also an effective protection against attackers. Even if someone has obtained your password, they run into a second hurdle: a one-time code from your phone or a hardware token that the stolen password alone cannot produce. In most cases the attacker will move on to easier victims at this point at the latest.
The greatest weakness and at the same time the most important weapon in the fight against cyber attacks is the human factor. Immanuel has a mnemonic for this: "Think before you click!" To explain, he adds: "Always consider the 'head and context' of unexpected messages or prompts: Does this message make sense in terms of content? Can it be genuine?"
For more information and tips on digital security in everyday life, visit the following addresses:
If you would like to listen to Immanuel's original recording of these tips, you can find it here. In it, he also addresses the question of what he thinks of voice assistants like Alexa and Co.