Login names and passwords often end up in the wrong hands through phishing
© Getty Images/iStockphoto / tsingha25/iStockphoto
The threat to companies from attacks from the Internet is constantly increasing. Just a few days ago, the management consultancy showed KPMG with the publication of a study on that the number of Cyber attacks tripled in one year have. Each of the 903 companies surveyed has been targeted at least once. It is all the more important for companies and their employees better prepared for cyber threatswas the tenor of one roundtable discussion on the subject of “Zero Trust” on Monday at the A1 headquarters.
Distrust is announced
The Zero-Trust-Prinzip states that when dealing with a company’s data, mistrust is the order of the day. It shouldn’t be enough to be able to log into a company’s network with an employee’s access data and access all the data there. Instead, according to the principle, one must assume that Attackers could have obtained access data. Employees should therefore only have access to very specific parts of the data, while others remain protected. Each access is also precisely logged and analyzed, and an alarm is raised immediately in the event of anomalies.
Thomas Arnoldner (A1) and Ronke Babajide (Fortinet) at the roundtable discussion on cybersecurity and Zero Trust
© A1/APA-Fotoservice/Juhasz
Difficult to spot fake people
A common way in which employee access data can fall into the wrong hands is Phishingsays Thomas Arnoldner, CEO of the A1 Group: “Due to the advances in technology, such as deep fakes, it is even for well-trained people difficult between pretended and real people to distinguish.” Attackers who pretend to be colleagues could more easily persuade employees to reveal access data.
“Digitization is an integral part of our lives. Every movement can become the target of an attack,” warns Ronke Babajide from the cyber security company Fortinet. “The Mensch is the greatest risk factor,” is an often-heard wisdom. Stealing an employee’s access data is common for cybercriminals easier than corporate networks technically crackable. “If you can enter access data, you bypass all security precautions. If that happens, you have to make sure that attackers can cause damage in the smallest possible radius of the network.”
Much more external access
In the course of the corona pandemic, Working from home and thus external access has increased significantly. This circumstance was immediately exploited by cybercriminals, says Arnoldner. In addition to the source of danger are becoming more and more connected devices, which are being used by businesses in the wake of the Internet of Things (IoT), says Richard Malovic, CEO of cybersecurity firm Whalebone. Not all are well secured.
Klaus Steinmaurer (RTR), Isabell Claus (thinkers.ai) and Richard Malovic (Whalebone)
© A1/APA-Fotoservice/Juhasz
AI makes things even more difficult
Then there is the topic artificial intelligence, which both attackers and defenders use against cyber attacks, but only if you are familiar with it and have the necessary resources. A lack of resources is a problem, especially for small and medium-sized enterprises (SMEs), says Isabell Claus, co-founder of the AI company Thinkers.ai. This is exactly what A1 wants to support by Security services for companies offers, says Arnoldner.
Playful training
First and foremost, it is crucial to train employees, and that is in a way that doesn’t bore them, says Babajide. Very promising are here “Gamification“Approaches to imparting cyber security knowledge in a playful way. Dealing with cyber security solutions must also be as easy as possible user friendly designed, says Klaus Steinmaurer, managing director of the telecom regulator RTR. “You don’t make employees happy if they have to authenticate themselves ten times at work.” According to Babajide, this could be ensured by automated processes in the background that employees do not even notice.
Benefits for both sides
In the end, the message to companies is: Everyone can target of an attack become. You have to deal with the topic of cyber security before anything happens. According to Malovic, companies have many more resources than attackers, so they have an advantage. Isabell Claus warns, however, that every company has to raise the resources for itself, there are hardly any cooperation. In the public sector in particular, funds for cyber security are scarce, but the pressure from rapid developments in the IT sector is great.
This article was created as part of a cooperation between futurezone and A1.
