As Global Sales Director at G DATA CyberDefense, Hendrik Flierman is familiar with the current security situation in companies in various industries and is familiar with their points of attack. In this short interview, Flierman describes how vulnerabilities in companies can be neutralized at the grassroots level by the company's own employees and what role the budget plays in this.

Are German companies adequately prepared for potential cyber attacks and are their protective measures sufficient?

Flierman: Awareness of the topic of IT security has also improved significantly in companies following the major incidents of recent years, but in practice we still see a lot of catching up to do and many avoidable security problems. Even though the security of operating systems has improved significantly, a properly configured endpoint protection solution is still a must. However, the issue of IT security is far from over at this point. Current attack vectors exploit not only technical vulnerabilities, but also human ones. Companies should therefore invest in security awareness training at an early stage in order to make employees part of the cyber defense and prevent expensive clean-up work in the event of a successful attack.

Regardless of the budget, which three security measures should companies implement to protect themselves from cyber attacks?

Flierman: Keyword budget: far too often we see that the IT security budget is part of the general IT budget. When new laptops suddenly have to be purchased, as was the case at the start of the coronavirus pandemic, there is no money left for security. So our first recommendation is to set up your own IT security budget. In larger companies, one percent of turnover can be taken as a guideline. In addition, companies should of course continue to use endpoint protection and configure it properly. However, this also means a structured evaluation of the log files in order to derive maximum benefit from them. The General Data Protection Regulation also means that compliance now plays a much more important role in the corporate context. If you can prove to the data protection authorities that your employees have undergone comprehensive security awareness training, you can avoid expensive penalties - and do a great deal for your own security at the same time.

Keyword security as a service: Should the manufacturing and process industry consider managed security services?

Flierman: The topic of managed security services is a very broad field, so I can't make a general recommendation for the entire industry. In principle, however, it can make a lot of sense to concentrate on your own competencies and delegate responsibility for security to a competent partner. The service provider can provide its customers with individual support tailored to their needs, while they can concentrate on their own business. In manufacturing in particular, many plant investments are used for decades and therefore require a special security concept