Looking only at absolute numbers, ransomware attacks are currently the most common form of cybercrime. Such attacks usually use a computer virus that encrypts all your data. Once the system is hacked, the criminals demand money in exchange for the data. The attackers send the viruses via email to thousands of accounts. Every sector is affected. The perpetrators have no special preferences. The procedure is not particularly sophisticated. The scammers don’t need any extraordinary skills either. That is why this form of attack is becoming more and more popular.
A similar opportunistic approach can also be observed in phishing attacks, where fake e-mails are sent to thousands of addresses at the same time. The goal of these popular attack methods is to trick users into giving up their passwords. The passwords are then used by the attackers to make purchases on the Internet or to access the victims’ private data.
2. What are the potential losses and who is behind these increasingly sophisticated attacks?
The losses of a cyber attack can vary, just as the methods of the perpetrators and their motivations are very diverse. The value of the attack target is also a factor to consider. Even if your PC is infected with malware and all data is lost, your loss may be limited if it is not valuable data or if you have access to an up-to-date backup copy. But if you don’t have such a backup copy and the malware has destroyed all your family photos and important e-mails, this can mean a considerable loss. The same applies to companies. Depending on the type of attack, it can range from a minor annoyance to a blow that threatens a company’s very existence. In extreme cases, the effects of a cyber attack can also endanger human lives. Just think about the recent attacks on the IT infrastructure of healthcare facilities.
The people behind such cyber attacks are as varied as the attacks themselves. At one end of the cyber food chain is the low-skilled novice hacker who can barely get his malware to work. At the other end, you may be dealing with state-backed organizations that have state-of-the-art resources at their disposal. In its essence, cybercrime is no different from traditional crime. You can meet the whole range of criminals from street thugs to global terrorist organizations.
3. What are currently the most effective methods for defending against such attacks?
Before we talk about specific actions, you should have a clear overview of the risks you or your company face. A cyber risk management process provides you with such an overview by identifying and assessing appropriate threats. If this reveals risks at an alarming level, you need to take steps to mitigate them. This is what you do in your everyday life, for example, when you detect an increased risk of intrusion. Once you are aware of such a risk, you can remedy the situation by, for example, installing stronger doors or surveillance cameras. To mitigate cyber risks, develop an overall approach that lowers the likelihood of occurrence and/or limits the impact. Such a cybersecurity approach should be based on basic guidelines that are then implemented in the different IT areas (e.g. at the network level, at the system level, at the data level, etc.).
An important principle here is the "layered security model," where you have more than one security mechanism for each major risk. Let’s take the burglar example again. To protect your home, install stronger locks on all your doors, but also install surveillance cameras – just in case the locks are picked. Another important principle is to keep your IT infrastructure up to date! Almost all successful cyber attacks have at some point exploited a vulnerability in the IT system that could have been avoided with regular updates. Always get the latest updates for your systems to make life difficult for cybercriminals.
You should also apply the "least privilege principle": Grant each employee only the access rights that are currently necessary, so that the impact of a compromise or misuse of access data is limited. To keep the operational impact of cyberattacks on your business low, you should also have an "assume-compromise approach" up your sleeve. This involves what to do in the event of an attack.
The above principles are not meant to be a complete toolbox. Cybersecurity is a very broad and complex field.
However, to be effective, you must proceed in a structured and proven manner. You must have cyber risk management identify and assess your greatest risks and then address them with a security approach based on clear rules.
4. How can companies ensure smart cyber risk management throughout their organization? What are your five tips?
Tips for smart enterprise cyber risk management
1. Clearly define who is responsible for what.
2. Make sure risk management is independent of operational cybersecurity. This will give you peace of mind that there is no conflict of interest preventing a quick resolution of issues.
3. Make sure senior management is constantly informed about the cyber risks the company faces.
4. Establish a strategy to protect against cyber attacks: determine tasks and projects to mitigate these risks based on the identified risks. Track the execution of these tasks at the board level.
5. Designate a security policy that provides all employees with the guidance they need to follow cybersecurity best practices: Conduct awareness campaigns to ensure your employees understand what is expected of them.
6. Adapt constantly.
Effective cyber risk management goes far beyond these basic concepts, but you should start with these steps to take an effective approach and make the most of your resources (budget, manpower, security tools).
About this blog:
The rapid shift toward global environmental sustainability is urgent. Thanks to all those who actively shape this change, real progress is possible. "Why is that important?" is a bi-monthly series that takes a brief look at pioneers of today’s trends around sustainability. Since May 2021, we have been trying to shed light on this important topic from the perspective of our experts.