Strengthening digital defenses
7 tips for more IT security in 2021
In the past year, companies have taken a huge step forward on their digitalization roadmap. Cyber criminals have adapted to the circumstances. Here's how you can protect your company from attacks.
How to protect your company from cyber attacks. © Pixabay/CC0
The year 2020 provided German companies with a strong boost in digitalization and at the same time demonstrated how flexibly cyber criminals react to current topics and trends. While companies rushed their employees to work from home and established digital processes, attackers also adapted their methods to the new circumstances. The coronavirus pandemic and the associated IT risks will continue to shape day-to-day business life this year. Companies can strengthen their digital defenses with the following measures:
Tip 1: Network segmentation
Ransomware continues to be the biggest threat and the number of attacks increased dramatically during the pandemic. According to the BSI's latest IT security report, the situation was dominated by the Emotet malware program, as in the previous year. It enables malware to spread in a cascade within a network and gradually infects all existing systems in order to subsequently encrypt the data and extort ransom money. "One protective measure against this threat is network segmentation," says Raphael Vallazza, CEO of security specialist Endian. "Just as bulkheads divide a ship into several segments to keep it seaworthy in the event of a leak, several network segments also prevent the unchecked spread of malware." The use of IoT gateways is suitable for fast and efficient network segmentation. By placing them in front of the individual segments, no changes to the network structure are necessary. In addition, modern gateways are equipped with a range of security functions that can ward off a variety of threats.
Tip 2: Secure authorization
Advancing digitalization and more employees working from home are leading to a growing fragmentation of IT landscapes in companies. More and more external devices and users are demanding stable access to central company resources. IT administrators therefore need a central tool that they can use to manage all access rights. This allows granular rights and authorizations to be granted and revoked for individual users or user groups in real time. It is also helpful to have rules that define where and when access is permitted, for example during normal business hours and from the employee's home office or workplace. For example, access from a country in which the company has no branch office can be prevented.
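The access rules described in Tip 2 can be expressed as a default-deny check over group, country, source network and time window. The following is an added example, not code from the article or from any product it mentions; the group name, country codes and address ranges are constructed, the country is assumed to come from an upstream GeoIP lookup, and the time window is kept in UTC so the example stays self-contained.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class AccessRule:
    group: str                # user group the rule applies to
    countries: frozenset      # countries in which the company has a site
    networks: tuple           # office LAN and home-office VPN pool
    start: time               # start of the permitted window (UTC)
    end: time                 # end of the permitted window (UTC, exclusive)
    weekdays: frozenset = frozenset(range(5))  # Monday to Friday

def evaluate(rule, user_groups, src_ip, country, when):
    """Return (allowed, reason). Every check must pass, otherwise deny."""
    if rule.group not in user_groups:
        return False, "not in group"
    if country not in rule.countries:
        return False, "country not permitted"
    try:
        addr = ip_address(src_ip)
    except ValueError:
        return False, "invalid source address"
    if not any(addr in ip_network(net) for net in rule.networks):
        return False, "unknown network"
    if when.tzinfo is None:
        # A naive timestamp cannot be placed in the window: fail closed.
        return False, "timestamp without time zone"
    t = when.astimezone(timezone.utc)
    if t.weekday() not in rule.weekdays or not (rule.start <= t.time() < rule.end):
        return False, "outside business hours"
    return True, "ok"

# Constructed sample policy (documentation address ranges, hypothetical group).
RULE = AccessRule(
    group="erp-users",
    countries=frozenset({"DE", "IT"}),
    networks=("192.0.2.0/24", "198.51.100.0/24"),
    start=time(7, 0),
    end=time(17, 0),
)
```

Revoking access in real time corresponds to removing the user from the group: the next call to `evaluate` is denied with the reason "not in group".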
From passwords to secure M2M communication
Tip 3: Two-factor authentication
Insecure passwords continue to pose a major security risk. Anyone who takes a look at the top twenty list of German passwords (Hasso Plattner Institute) will quickly recognize the scale of the problem: the simple 123456 series of numbers has been in first place for years, followed by 123456789, passwort and similarly simple combinations that an automated brute-force attack can crack in seconds. Especially in light of the home office trend, companies should therefore go one step further and rely on two-factor authentication for their employees' remote access. Here, another factor is integrated into the login process, which represents an additional barrier for attackers. The most common is the "ownership component", where the user must own a specific device, such as their smartphone, to which a temporary password is sent.
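The server side of the temporary password described in Tip 3 has to do more than generate six digits: the code must expire, work only once and tolerate only a few wrong guesses. The following is an added example, not code from the article; the class name, the five-minute lifetime and the three-attempt limit are assumptions, the password check is assumed to have succeeded already, and delivery to the smartphone is left to a separate gateway.

```python
import hashlib
import hmac
import secrets

TTL_SECONDS = 300    # assumed lifetime of a temporary password
MAX_ATTEMPTS = 3     # assumed number of guesses before the code is discarded

class OtpStore:
    """In-memory store for the second factor of a login."""

    def __init__(self):
        # user -> [salt, digest, expires_at, attempts_left]
        self._pending = {}

    @staticmethod
    def _digest(salt, code):
        # Only a keyed digest is stored, never the code itself.
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def issue(self, user, now):
        """Create a fresh code; any earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
        salt = secrets.token_bytes(16)
        self._pending[user] = [salt, self._digest(salt, code),
                               now + TTL_SECONDS, MAX_ATTEMPTS]
        return code   # handed to the delivery gateway, never written to logs

    def verify(self, user, code, now):
        entry = self._pending.get(user)
        if entry is None:
            return False
        salt, digest, expires_at, _ = entry
        if now >= expires_at:
            del self._pending[user]          # expired codes are discarded
            return False
        entry[3] -= 1                        # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(salt, code)):
            del self._pending[user]          # single use: replay fails
            return True
        if entry[3] == 0:
            del self._pending[user]          # guess limit reached
        return False
```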
Tip 4: Certificates for M2M communication
In the Internet of Things (IoT) and in the Industry 4.0 environment, more and more devices are networked and communicate with each other. As with their employees, companies must also ensure that only those who are authorized to access their systems have access to their machines. Certificates are becoming increasingly important in this context, as they ensure secure machine-to-machine (M2M) communication. They give every device and every machine a unique identity with which they can identify themselves to other machines, systems and people. Certificates are also used to encrypt communication so that data cannot be stolen or manipulated, for example when it is transmitted to a central IoT platform.
Tip 5: Sensitize employees
Attackers continue to exploit human vulnerability and simply send their malware by email. Working from home, uncertainty and constantly changing regulations to combat the pandemic are making so-called phishing attacks even more successful. For example, emails are sent that supposedly contain important information about the current regulations or economic aid. As soon as the recipient clicks on a link or attachment sent with the email, a malicious program is installed. Social engineering attacks have also increased. Here, cyber criminals specifically contact employees in order to obtain sensitive information or persuade them to transfer money. Employees working from home do not have the opportunity to quickly coordinate with a colleague and are therefore even more vulnerable to attack. Companies should therefore sensitize their employees to the various risks and draw up appropriate recommendations for action.
Minimize residual risk
Tip 6: Visualize networks
Networks are becoming increasingly complex. With the help of network visualization, administrators can maintain an overview. A graphical representation makes it easy to understand which sensors, devices and people communicate with each other within the company network and which systems they have contact with across company boundaries. Such a visualization forms the basis for the network segmentation described at the beginning. In transparent networks, suspicious behavior and anomalies in communication can also be detected quickly. This gives companies the opportunity to expose cyber attacks before any major damage occurs.
Tip 7: Business continuity management
No measure guarantees one hundred percent protection against cyber attacks. Companies must be aware that even with conscientious precautions, there is always a residual risk. Cybercrime has developed into a lucrative and constantly growing business in the networked world. Attackers know how to cleverly exploit vulnerabilities and current trends and are often one step ahead of companies. It is therefore advisable to develop an IT contingency plan that ensures business continuity in the event of an emergency.














