Cyber security:
Fit for 2023

Currently, cyberattacks are increasingly targeting industrial companies. Our columnist Siegfried Müller explains why this is the case and what companies need to do now.

The new year has only just begun and already there are some sensational reports. One was relatively predictable: it can already be mathematically proven that “Avatar – The Way of the Water” – despite a meager opening weekend – is the most successful film of all time.

With box-office takings of 2.9 billion U.S. dollars generated worldwide (so far), it is the undisputed leader in the corresponding ranking of theatrical films.

2.9 billion – this figure sounds gigantic and everyone who hears it is probably deeply impressed by it. But compared to the sums earned on average by cyberattacks – 20 billion US dollars in 2021 in the ransomware sector alone – this amount is no longer so impressive.

But there is also good news in the area of cyber security – such as the end of January, when the ransomware group Hive was broken up. Often, the joy doesn’t last long. Because immediately comes a “but.” Understandably so, because the attackers – in this case, especially the backers and developers – are so well organized and have not only extensive financial resources, but also an excellent infrastructure and the most advanced tools. Good conditions, which probably makes it easy for the network to restructure. Or part of it simply regroups.

Great damage can be done with cyberattacks

In addition, the good news is usually trumped by the bad news anyway. Almost at the same time, it was reported that around 24 colleges and universities have been affected by cyber attacks so far – including Freiburg, Leipzig and Wuppertal. The focus is primarily on tapping research data in all relevant areas – from the technical sciences to the natural and social sciences – but of course a lot of sensitive personal data is also stolen.

In short, these attacks can cause a great deal of damage, not least because they often force a university to cut all connections to the Internet, which can have a negative impact on regular teaching.

Consequently, this year’s known circumstances will put both industry and society in general to the test. We must prepare well for this now.

These countries are at the center of cyberattacks

It seems that certain circumstances – such as the prevailing global insecurity due to the geopolitical situation – lead to corresponding reactions. It seems that Germany, France and the USA are increasingly becoming the focus of attacks. In addition, there is usually enormous pressure on the individual companies, as they still want to achieve optimum results with the available (also financial) resources and additionally given bottlenecks. This economic consideration could result in a serious imbalance: fewer or equal investments in cyber security measures versus ever more numerous and massive cyber attacks.

However, in this context, I am not convinced that the majority of attacks are targeted at specific companies or even selected universities, but rather that the respective successful attack is more of a random product. Figuratively speaking, the hacker groups throw out a bait with their fishing rods – i.e., the most advanced tools already mentioned – and wait to see who eats it first. Once a security vulnerability has been found on this basis, a targeted attack can then be planned and implemented with great precision.

What is particularly relevant for manufacturing companies

It is immediately obvious that such opportunistic attacks – including phishing emails sent en masse – are currently increasingly targeting industrial companies. On the one hand, they are a worthwhile target from a purely financial point of view, and on the other hand, the employees in the OT departments are not yet as well versed in this area.

For this reason, greater attention should be paid to this this year. The consequences for manufacturing companies can be much more drastic than in other sectors – simply because an attack can potentially lead to a standstill in production and this is often associated with high costs. For this reason, the IT infrastructure of every company should be checked for possible entry points and appropriate protective measures implemented for the weak points detected. For this purpose, a holistic security concept must be created in which the necessary IT security solutions are defined for the existing risk potential.

As part of the corresponding strategy, I believe it must be kept in mind that awareness training alone is not enough to be able to adequately counter the threat potential. Because these attacks occur purely at random, it is rather difficult – especially in the production environment – to prepare employees properly and to keep their attention at a consistently high level.

Conclusion: Companies must no longer procrastinate

Actually, wishes for a new year should not be accompanied by admonishing words. But in my opinion, the security situation is such that this is unavoidable. Companies really can’t procrastinate now and need to take care of their IT and cybersecurity. For that, they also need education and assistance.

That is why I am pleased that we have a new BSI president. After all, both this office and the body under the sign of a future authority are essential for Germany’s reputation abroad. We have to show that we attach great importance to IT and cyber security and will do everything we can in the future to counter hostile attacks.

 

___

The column was published in its original German version on produktion.de.

Find your sales partner

Find your personal contact person in your area.

Start your remote services

Are you looking for an all-in-one solution? Try our web-based remote access portal today.

u

We are here to help you

Questions? We can help you. For direct support, you can also call us.

Stay informed

Subscribe here to get updates on IoT and remote access solutions, products and features and get the latest cybersecurity updates.

You have questions?

Write us!

Allgemeine Anfrage EN

Callmeback

As a strong brand of Red Lion Controls, MB connect line product line provides you with solutions for Secure Remote Access, IIoT & Industrial Security.

Together we unlock the value of data by developing and manufacturing innovative solutions to access, connect and visualize your information.

Two Brands. One Team.