Current cyberattacks - underestimated dangers

The aluminum manufacturer Norsk Hydro provided an example of this last year. The company fell victim to a ransomware attack, which resulted in several of the Group's sites in various countries being affected by production interruptions. The costs of this incident are likely to have been considerable. However, companies from the manufacturing industry have also been targeted by cyber criminals in Germany in recent months. In these attacks, the attackers used prepared file attachments purporting to contain invoices from 1&1 or information on a supposed tax refund to deceive their potential victims. The attachments were prepared in such a way that the malware GuLoader first infected the victim's PC after the user activated macros. GuLoader is a so-called downloader that only loads the actual primary malware after the initial infection. In the case in question, the Hakbit ransomware was then installed, which in turn encrypted the data on the victim's system and only released it again after a ransom was paid.

However, companies in the manufacturing industry in particular often underestimate the threat posed by such attacks. Although IT security managers are aware of the complexity of their IT and OT systems, one important aspect is regularly neglected. This is once again illustrated by this summer's cyber attacks: for years now, the primary cyber threat to companies has no longer been due to security vulnerabilities in their technical infrastructure. Nowadays, the biggest gateway for attackers is by far the individual employee who uses and operates the IT and OT systems.

Employees as the last line of defense

Initially, cyber criminals don't care who in a company falls for one of their methods. Be it by passing on access data on a phishing website or by infecting a company system with malware. The most important thing for them is that they can establish a kind of bridgehead in the company's IT, from which they can then carry out further actions. These can range from a ransomware infection of the company to fake emails in the name of the organization, which are used to convince business partners to disclose information or even transfer funds to the cybercriminals' accounts.

For this reason, it is necessary to keep an eye on the entire workforce when it comes to IT security and not just selected VIPs, who are most likely to be attacked. Instead, it is important to protect all employees in the best possible way. Regardless of their hierarchical position in the company, however, taking into account the respective level of risk - i.e. the extent of their access rights and any signing authority.

Unlike in the early days of cyber security, when the industry focused primarily on technical security vulnerabilities, this way of thinking is now considered outdated by experts. Cyber criminals have long been trying to exploit the human weaknesses of employees in order to successfully carry out their attacks. To this end, attackers are constantly coming up with new methods and lures to encourage potential victims to make a careless click. One such click can often be enough to pave the way for the cybercriminals. Opening a prepared document or visiting a website that loads malware unnoticed is usually enough.

Study highlights ignorance of many employees

But how can such careless actions by employees be prevented in order to improve the company's protection? First of all, IT security managers need to be aware that knowledge of cyber threats is not as widespread as some would like to assume. The latest State of the Phish report from Proofpoint shows, for example, that only 61% of employees surveyed worldwide are familiar with the term "phishing". In the United States, the figure was as low as 49%, whereas employees in Germany came out on top with 66%. Other cyber security terms also posed difficulties for a large number of employees. For example, only 31% of respondents were able to correctly classify "ransomware". However, it is worth noting that in the previous year's survey, 45% of respondents correctly classified this cyber threat. One explanation for this could be that ransomware attacks have fallen sharply since 2018 and therefore appear less present in people's perception.

When it comes to passwords, many employees still have a lot of catching up to do when it comes to the security of their access data. The fact that passwords are often used for different services and accesses is a particular thorn in the side of security experts. In the survey, only 23% stated that they use a password manager. And only 32% of respondents use an individual password for each service. 29 percent switch between five to ten different passwords and a full 16 percent always use the same one or two passwords for all their accesses.

Raising awareness of cyber threats is crucial

These figures show that employees are still far from having the level of IT security knowledge required to comprehensively prevent modern cyberattacks. It is therefore necessary to educate all employees - regardless of their role in the company - about the dangers in this area and to raise their awareness of them in the long term. This is precisely the aim of special cybersecurity awareness training courses, which have a long-term effect on participants. Unlike conventional training courses, for example, participants are not introduced to the topic in a training course lasting several hours. Instead, the aim is to integrate IT security into the everyday lives of employees. Short but recurring training sessions are designed to keep employees constantly up to date with the latest cyber risks. In addition, fake cyber attacks that employees are confronted with in their day-to-day work are used to train their vigilance, which leads to lasting success.

High costs in the event of successful attacks

While a successful cyberattack is a severe test for any company, the consequential costs of an attack can vary from industry to industry. The extent to which a company relies on a functioning IT infrastructure also has an impact on how much damage is actually incurred in the event of a cyberattack. However, one sector in particular stands out here: for manufacturing companies, attacks by cyber criminals are usually associated with immense costs. The networking of their systems often brings their entire production - sometimes at different locations - to a complete standstill. The financial damage can quickly run into the millions.

It should therefore be a concern for those responsible for security in manufacturing companies to ensure that their own systems are protected by more than just network protection. Comprehensive protection requires much more of a combination of secure technical systems that take modern attack vectors into account and employees who are aware of cyber risks. This is the only way to counter current threats in the best possible way and sustainably prevent damage such as that suffered by automotive supplier Leoni in 2016.

Miro Mitrovic, Senior Manager, Germany at Proofpoint