IT service provider
Cyber attack!
The risk of cyber attacks has increased rapidly in recent years. Internal IT employees are often unable to efficiently prevent an attack or respond adequately to an attack. It therefore makes sense to turn to an external service provider.
Cyberattacks on companies in Germany are currently increasing rapidly, and attackers are now not only targeting large, globally active companies, but also smaller SMEs whose IT infrastructure is usually not yet adequately protected. Last summer, the digital association Bitkom sounded the alarm and put the total damage to the German economy caused by data theft, espionage or sabotage at 223 billion euros per year. This corresponds to a doubling of the amount of damage compared to 2018 and 2019.
"Any investment in a company's IT security is a good investment," says IT security expert Thomas Gnadl, CTO at Scaltel. The risk of attack is currently higher than ever, especially for medium-sized companies: "There is still a huge amount of catching up to do in terms of protection mechanisms and strategies. Many companies are overwhelmed by the complexity of IT security, partly because they can't afford their own IT security department." Gnadl's suggestion: if you get external help, you can improve your company's IT security in the long term - on a manageable budget. "A company's in-house IT department is generally no longer able to protect the infrastructure, as it requires real IT security experts who are not available on the market or whose personnel costs are simply not economically viable. It makes much more sense to commission a service provider that specializes in IT security and concentrates on defending against cyber attacks in its day-to-day business. The service for professional round-the-clock monitoring is precisely defined," says Gnadl.
He illustrates the importance of a functioning line of defense for companies with practical figures. In its Security Operations Center (SOC), Scaltel monitors all of its customers' data streams. "We receive 10,000 to 50,000 security-related events every day. Most of them are logically summarized via our security platform using artificial and threat intelligence and filtered out as harmless. Around one per thousand of the events then have to be analyzed and manually evaluated by our security experts," says Gnadl.
Hacker attacks on the rise
In the end, there are one to ten critical security incidents per month in the SOC, from which so-called incident response cases arise, on the basis of which a security group is put together and countermeasures are initiated at the customer's premises. "The trend is clearly on the rise," says Gnadl, who, together with his team, can now draw on 25 years of experience in the field of IT services and IT security. The latest reports illustrate this trend. In May 2022, for example, production at tractor manufacturer Fendt came to a standstill for several days following a cyber attack on its US parent company AGCO. The 4,500 employees in Germany were unable to produce or make phone calls. A few days later, the authorities in the neighborhood were also affected: due to a hacker attack, the Ostallgäu district office cut off all data and email traffic to the outside world.
"Unfortunately, the number of attacks will continue to increase. This makes it all the more important that companies protect themselves against them better than ever," says Thomas Gnadl. One of the biggest threats to companies is known to come from so-called ransomware. Hackers use encryption software to paralyze computer networks and then extort large sums of money to unlock them. Ransomware is only one part of the attack world. Phishing emails to spy on sensitive data and DDoS attacks that lead to functional restrictions are just as common as exploiting vulnerabilities in unpatched systems. "Every attack can have fatal consequences for companies. It's not just about financial losses such as ransom money. In the event of a successful cyberattack, it usually takes several weeks or months before regular operations can be resumed, as professional hackers deliberately manipulate backup systems so that they are worthless in the event of damage."
The majority of cyberattacks begin with social engineering, i.e. the manipulation of employees. Criminals deliberately exploit the human factor as the supposedly weakest link in the security chain in order to obtain sensitive data such as passwords. In a Bitkom survey conducted in 2021, 41% of the companies surveyed stated that such attempts had recently been made. Many attacks are also linked to the rapid increase in the implementation of remote and home office workplaces. "Of course, it is not enough to simply send employees home to work. It is extremely important that the devices are effectively secured and the communication channels to the company are protected. The workforce must of course be made aware of the risks in training sessions. Anyone who doesn't do this is really acting negligently," emphasizes Gnadl.
Companies in Germany are aware of the danger posed by cyber attacks: according to the Allianz insurance group's risk barometer, specialists and managers rate hacker attacks as the number one risk for their company. This was the result of a survey conducted last fall by AGCS, an industrial insurer belonging to Allianz, in which 2,650 experts from 89 countries were questioned. "We have more inquiries than ever before - and from all sectors," says Thomas Gnadl. If the worst comes to the worst, the experts from the SOC respond immediately. The corresponding processes are initiated via an emergency management system defined in advance with the customer, with the IT security experts working hand in hand with the customer's IT department.
A tip in case of suspicion
According to Gnadl, if a cyber attack is suspected in the company, the affected computers or servers should be disconnected from the network immediately, either by pulling the LAN cable or deactivating the network card and WLAN connection. However, the computers and servers should not be shut down completely. "This allows our security analysts to better reconstruct the origin and course of the attack using temporary memory data. Only if isolation from the network cannot be achieved promptly is shutting down the affected end systems the next best solution," says Thomas Gnadl.
Ingo Jensen









