Cybersecurity — the Digital Responsibility of Every Organization

Cybersecurity is important for all of us. Even though digital attacks may not always be aimed at specific targets, companies and organizations have a duty to strengthen their own security measures. The war in Ukraine has presumably raised the general threat of cyberattacks to a new level. Well-structured processes for the continuous assessment and prioritization of risks — both digital and “analog” — are essential elements for warding off such attacks.

This is not a new revelation, but it has experienced heightened relevance. As early as May 2015, there was a massive cyberattack against the Bundestag. Computers in the offices of numerous members of parliament — including computers in Angela Merkel’s Bundestag office — were infected with spyware. Following the attack, the parliament’s entire IT system had to be given a general overhaul. German security authorities are convinced that the Russian military intelligence service GRU was behind the attacks. This attack, however, was merely the proverbial tip of the iceberg because almost half of the companies in Germany have been victims of a cyberattack. The damage to the German economy amounts to more than €200 billion.

Cybersecurity — taking stock

Cybersecurity is the term covering the application of technologies, processes, and controls to protect systems, networks, programs, devices, and data from cyberattacks. Its objectives are the reduction of the risk of cyberattacks and prevention of the unauthorized utilization of systems, networks and technologies.

A successful cybersecurity concept comprises multiple layers of protection encompassing the computers, networks, programs, or data that must be safeguarded. The people, processes, and technologies within an organization must complement one another to ensure an effective defense against cyberattacks.

People

Users must understand and observe cardinal data security principles such as the choice of strong passwords, prudence when opening email attachments, and the regular creation of data backups. All too often, people are the weak point in the systems as they can fall for (spear-)phishing or become the victims of targeted spying and social engineering.

Processes

Organizations must have an established framework for responding to attempted and successful cyberattacks. A structure of generally accepted principles explaining how to detect attacks, protect systems, and identify and respond to threats can help. Equally important is the issue of recovery after successful attacks.

Technology

Technology is critical for providing organizations and individuals with the security tools they need to protect themselves from cyberattacks. Three main areas require protection: apparatus such as computers, smart devices, and routers; networks; and the cloud. Common technologies used to protect these units include next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions.

Why is cybersecurity so important?

On the individual level, a cybersecurity attack can result in a multitude of serious consequences ranging from identity theft to extortion attempts to the loss of important data.

Nevertheless, cybercrime becomes a truly lucrative business when conducted across all strata of society. German SMEs in particular are an ideal target; for one, they are generally financially sound, and for another, their security precautions are often below average.

Awareness as the most effective tool

Securing IT systems is a complex task that involves high financial expenditures. Using cloud services can be an efficient and cost-effective way to protect internal data.

Otherwise, however, the only effective means of countering cybercrime is through specific organizational measures. Creating awareness among employees and establishing clear rules for dealing with suspicious activities are fundamental in this regard as sensitivity cannot be raised and security cannot be improved by any other means.

The Central Cybercrime Contacts (ZAC) of the state criminal police offices and the Federal Criminal Police Office have published a new brochure entitled “Cybercrime Recommendations for Businesses” that contains useful information for commercial enterprises, offers companies tips on protecting themselves from cyberattacks, and describes actions they can possibly take if they have been the objects of cybercrime activities.