Many security measures can be implemented immediately and, combined with tools for recording access to internal networks, analysis is also quickly available. Nevertheless, many German companies are becoming coveted targets for cyberattacks because they have not implemented or updated their protection tools. Thomas Frahler, Business Lead IoT at Microsoft Germany, with tips and analysis.

Are German companies adequately prepared for potential cyber attacks and are their protective measures sufficient?

Frahler: The damage caused by cyber attacks on German companies is now estimated at over 40 billion euros. The number of attacks on German machine and plant manufacturers is increasing, as the VDMA said a few months ago in an interview with ARD. More than a third of the members surveyed have already been affected by production downtime and half have already suffered capital losses. DAX companies are just as much in the spotlight as SMEs, with SMEs being particularly affected according to Bitkom studies: Because they are closely integrated into the supply chains of large corporations, making them interesting targets, and because smaller companies often protect themselves less than large ones. Experts from trade associations see considerable potential for improvement, particularly in the early detection of attacks. According to a recent Crowdstrike report, it takes an average of 95 days for an attack to be detected. In 2017, it was 86 days, and the trend is rising. Furthermore, only half of German companies have an emergency management system at all. This must change.

Regardless of the budget, which three security measures should companies implement to protect themselves from cyber attacks?

Frahler: The most important step is multi-factor authentication (MFA), because passwords are an incalculable security risk. MFA immediately increases security because additional proof of identity is required when logging in. It should be combined with continuous log analysis: analyzing and aggregating security-relevant logs using a Security Incident & Event Management (SIEM) tool provides a better overall picture of what is happening in networks and environments. SIEM also helps to identify attacks that may not even be detected by anti-virus tools. And finally, clever network segmentation is also recommended: a controlled and segmented network reduces the attack surfaces and makes it more difficult for attackers to place malware that wants to propagate itself.

Keyword security as a service: Should the manufacturing and process industry consider managed security services?

Frahler: Outsourcing certain security components to a managed security service provider can bring numerous advantages. For example, it can reduce costs and improve security at the same time. Companies can focus their resources on their core business while relying on experienced service providers who are usually always up to date with the latest developments in combating and preventing cyber attacks.