The massive hacker attack on the district administration in Ludwigshafen at the end of October 2022 paralyzed its digital infrastructure, so that citizens can currently only resolve their concerns in person on site. Our founder Tim was a guest on the radio station SWR3 as an expert and provided information about IT security in general and the situation in the public sector in particular.
Tim notes that there are generally very good people in municipalities and administrations who take the subject of IT security seriously and are competent. The problem is that there are too few of these good people to be really well positioned.
If you don't master offense, you don't understand how these people work. Then you can't protect yourself from it.
This problem cannot be solved in the short term. But in the long term, better, centralized training in IT security is an important step, says Tim. For example, there is currently no classic course of study on this content or training as a penetration tester.
Tim notes that the human factor is very important when it comes to digital security. Statistically speaking, technical vulnerabilities are rarely used for attacks. Instead, hackers mostly use social engineering – for example, using phishing emails.
On the one hand, people are the "weakest link" in the security chain. On the other hand, it takes "men-power" with know-how to correctly configure and maintain the corresponding security products. In Tim's opinion, this is even more important when it comes to protecting against cyber attacks than the money factor, which cannot be ignored.
But what happens if, despite all protective measures, a successful hacking attack occurs? Then you need a contingency plan. This is now even available in most companies and authorities, says Tim. But he is usually not sufficiently rehearsed. If the emergency plan is not implemented routinely, mistakes can quickly occur or it may not be possible to implement it as planned.
At the end of the conversation, when the moderator asks Tim for a tip that doesn't cost money, he doesn't have to think twice:
A tip that doesn't cost any money: think before you click!
You can watch the whole interview with Tim on SWR3 here:
The OpenAI data breach highlights the risk of security vulnerabilities at third-party providers. The company was affected by a smishing campaign targeting its web analytics service provider, Mixpanel. Attackers gained access to sensitive data.
The FBI reports that account takeover (ATO) fraud has caused over $262 million in losses this year. Cybercriminals are using social engineering to access corporate data and are gaining the upper hand with AI-powered infrastructure. Companies must rethink their security strategies and take preventative action.
The advanced persistent threat (APT) "ToddyCat" targets business-critical emails, thereby exposing companies to economic espionage. Cybersecurity analysts at Kaspersky warn of this serious threat and explain how companies can effectively counter these attacks. Protecting trade secrets and other important information is paramount.
