Enlarge image
The
Federal Office for the Protection of the Constitution
recently warned of more hacker attacks
Photo: Oliver Berg/ dpa
Since Russia attacked Ukraine, German companies have been preparing for a possible cyber war between Russia and the West.
The situation is coming to a head, and the conflict has long since reached the Internet.
While the hacker collective Anonymous is making virtual threats to Russian President Vladimir Putin, the Federal Office for Information Security (BSI), which is responsible for all relevant IT security aspects in the country, is increasingly warning of IT attacks from the east.
The authority recently classified the threat situation for German companies as "orange", which is considered business-critical according to the BSI's definition.
Stacks are the red and crimson levels, where the damage effects would be huge and infrastructure could collapse.
The Office for the Protection of the Constitution recently warned of increased attacks by Russian hackers.
Before the war in the Ukraine, the threat level was noted as low.
Hacker attacks have been increasing for years.
2021 was a record year for virtual attacks.
The focus is on terms such as ransomware: blackmail software that criminal hackers use to try to extort money from companies or authorities.
To do this, they encrypt computer systems and only release them again when money has flowed.
In May 2021, for example, some parts of the US ran out of fuel because hackers were able to shut down a key pipeline and demanded a ransom to get it running again.
The incident in the USA showed how quickly critical infrastructures can be paralyzed and how operational the virtual world could be as a weapon in war.
Experts have therefore been warning of a cyber war since Russia attacked Ukraine.
"Many hackers are only interested in pure destruction"
Many hackers are no longer concerned with money, but with pure destruction, as IT security expert and member of the board of the European Academy for Freedom of Information and Data Protection in Berlin
Dennis-Kenji Kipker
(35) explains.
"We now have a new situation," says Kipker.
Currently, it is no longer just about fishing data or other financially attractive yields for hackers.
"Many hackers are only interested in pure destruction," he says.
Should a real cyber war with targeted attacks on large companies take place, Germany and its companies are ill-prepared.
"Germany is not prepared for a cyber war," said Kipker.
Due to unclear official responsibilities and too few IT staff, Germany is currently hardly able to act and be operational in the event of targeted cyber attacks.
Lack of staff and outdated security systems
This is also shown by Cisco's "Security Outcomes" study.
According to this, almost half of the security technologies used in German companies are outdated, which means that companies would be poorly prepared for cyber attacks.
"And that doesn't just affect small and medium-sized companies, but also critical infrastructures, as successful attacks in the healthcare sector have shown time and again," says Kipker.
"At the latest since the IT Security Act 2.0, which was done more badly than right, the state has gotten caught up in a nested system of responsibilities. It understands cybersecurity more and more as an official administrative process that can be processed," says the expert.
But cyber security is also a question of technological innovation.
Key technologies now have to be painstakingly retrieved
Even more authorities and laws alone cannot create more cybersecurity in the long term.
In addition, there is a significant shortage of skilled workers.
"People backed the wrong horse politically for decades by selling out and outsourcing key technologies that now have to be laboriously (politically) brought back," says Kipker.
At the beginning of the year, the Bitkom industry association estimated around 96,000 vacancies for IT specialists.
In its "Future of Job" report published at the beginning of the year, the Boston Consulting Group expects that there could be a shortage of around 1.1 million IT specialists in Germany by 2030.
Telekom measures millions of hacker attacks every day
How urgent the topic is can also be seen on the Deutsche Telekom servers.
The company registers up to 80 million attacks every day.
"And those are just our systems that actively measure attacks," says
Thomas Tschersich
(52), head of Telekom Security.
Seven years ago, the numbers were between one and two million a day.
"The hacker attacks have been increasing continuously for years," he says.
Since the outbreak of war in the Ukraine at the end of February, however, there has not been a separate increase at Telekom.
"In view of the warning from the Office for the Protection of the Constitution, I would say that you always have to be vigilant and careful, but I think hysteria is inappropriate," says Tschersich.
The goals and procedures of Russian hackers are similar.
Attackers would either try to overload the network so much that the systems would crash, known as DDoS.
Or they act with so-called spear phishing attacks, which, in contrast to normal phishing attacks, specifically try to get the access data of certain people by fraud.
The attackers then often use what is known as whipper malware to delete data or hard drives or render them unusable.
Telekom feels well prepared should attacks actually become more frequent.
With continuous monitoring and 1,600 security experts in Telekom's security company, the company is well equipped.
However, too much protection can also harbor dangers: After the company, it is important to note not only to focus on building a high protective wall.
"We shouldn't just build virtual fences, we also have to invest in detecting attacks in order to be able to classify them," says Tschersich.
Nine main Russian attacking groups are currently known.
"We keep an eye on the cyber activities of these groups and are accordingly vigilant," said Tschersich.
Businesses prepare for increased attacks
Other German companies are also cautious.
"Of course we are monitoring the security situation very closely and are constantly adapting our precautions," said a spokesman for the software manufacturer SAPs.
For security reasons, the company has not released any details.
Allianz made the same statement.
Currently, however, the large German companies do not seem to be registering more attacks than usual.
"However, we have been preparing for increased activity in the cybersecurity area for some time," says a spokesman for Siemens.
The in-house system is efficient.
"We are constantly monitoring the situation - both in the real and in the digital world. Technical and tactical conclusions are drawn from this, which flow into our countermeasures," said the Siemens spokesman.
BASF and Siemens increase protective measures
BASF is also upgrading its cyber security.
"We take the threat in the current situation very seriously and have taken further protective measures," says a spokeswoman for the company.
Here, too, the threat situation had already intensified before the Ukraine war.
"The attackers are becoming better organised, are using new technologies and have more resources at their disposal," says BASF.
However, security authorities would offer quick offers of help.
"Our protective measures are carried out in close cooperation with experts inside and outside the group, including with the responsible security authorities."
BASF also continuously invests in its own cyber security and uses globally standardized procedures to ensure its own IT security.
These include stable IT systems, back-up procedures, virus, access protection and encryption systems.
"The systems for information security are constantly checked, continuously updated and expanded if necessary," says the spokeswoman.
Employees are regularly trained in information and data protection.
Expert Kipker also advises this.
Companies shouldn't put off operating system updates, employees shouldn't log on to every website, and they should follow well-known rules for the security of e-mails and data.
The IT security expert advises that companies should check more closely in future which programs they use and how they secure their data.
"It is important that the data backup is detached from the productive system and not in the live network," he says.
BSI warns of Russian virus program
A few days ago, the BSI warned of certain programs or software providers that are used a lot.
Including about possible security gaps of the Russian company Kaspersky.
The company's virus protection products have been trusted for many years, and the company's products are on millions of German computers.
The BSI warns that access to Kaspersky's virus protection could pose a security gap.
Users should replace the software with alternative products.
Kaspersky rejected the representation.
The group has no connection to the Russian government.
You are working with the BSI to refute the concerns.
From the point of view of the IT company, the authority's decision was politically motivated.
Kipker also suspects political reasons behind the warning.
"Nevertheless, there are always dangers where we give up control of IT, and this is particularly the case with hardware and software with extensive access rights," he says.
He therefore recommends purchasing IT products and IT services from Germany or the EU whenever possible.
"This not only helps to establish compliance conformity, but can also protect against unpleasant surprises at a later point in time," says Kipker.
Now at the latest, companies should think about what really business-critical data is and how it can be adequately protected.
"Not only self-protection, but also protection of customer data is important," says Kipker.
For example, online shops should adequately secure address and payment data.
Manufacturers of electronics and software should ensure that they meet the legal requirements for IT security and technical data protection.
"There is still a lot of room for improvement here in particular: IoT devices, wireless devices that can connect to the network, regularly have significant weak points. This often shows that security has not been included in the development process of new products", like Kicker.
Therefore, companies should generally regard IT security as an added value - also in order to reduce their own liability risks.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/WQEEUVRP3BB57M7LND37U7VREE.png)
