Link11
Successfully containing DDoS attacks
Companies must take precautions to effectively contain the impact and duration of DDoS attacks at a technical level.
The digitalization and networking of all areas of work and life continue to increase. Connectivity, cloud computing, IoT, AI, big data - all of these technologies allow companies to expand their business models, build new value chains and increase productivity. Almost two thirds of companies in Germany already use special applications for Industry 4.0, making Germany one of the world's leading nations when it comes to smart factories. This sounds promising for the future development and international competitiveness of German companies.
At the same time, networking within Industry 4.0 increases the risk of cyber attacks. Attackers are constantly finding new ways to paralyze not just the company website, but entire business operations. In addition to infection with malware, distributed denial-of-service (DDoS) attacks cause damage to more than a quarter of German companies. An interruption to networked processes caused by DDoS attacks can have devastating consequences. These include, for example, the financial cost of remediating the attack and offsetting the consequential costs of the business interruption, as well as possible data theft in the slipstream of the DDoS attack and reputational damage.
It is undisputed that digitalization and networking are continuing to advance. In the future, the use of artificial intelligence will increase and more and more automated systems will communicate with each other digitally. This increases the complexity of the infrastructure and makes it all the more important to protect it against equally intelligent attacks. Artificial intelligence, machine learning and the Internet of Things are being used to increase the destructive power of DDoS attacks.
Intelligent attacks require intelligent security solutions
On-premises solutions are not able to stop modern attacks. By the time an attack reaches a company's IT systems, it is already too late. Cloud-based solutions, on the other hand, can filter, analyze and even block data traffic before it gets close to a company's IT systems. For this reason, consistent defense against DDoS attacks is only possible with cloud-based solutions. The Link11 platform takes a three-stage approach to identifying and combating DDoS attacks:
- In the first step, fingerprinting, incoming data traffic is analyzed and each client is assigned a specific "fingerprint". Each fingerprint is made up of hundreds of unique characteristics and is far more specific than an IP address. This ensures that legitimate users can access data at any time. Access by users with fingerprints containing known attack patterns, on the other hand, is blocked.
- However, it is not enough to simply block known types of attack. In the second step, the platform's self-learning AI module analyzes data traffic for malicious activity and is even able to identify AI-driven attacks. The module also actively interrupts attacks by sending false information to attackers. For example, it signals to attackers that a target has been "taken offline", although in reality it remains accessible to legitimate users.
- Finally, the platform compares all traffic with real-time threat intelligence to determine if it matches known malicious attack patterns. In this way, the platform can block attempted attacks while accepting legitimate requests. Crucially, each time the platform has identified a new threat, the attack sequence is stored in a database for use in future cases. If the same attack sequence is detected again, it is immediately blocked.
In the past, DDoS protection solutions were often based on manual interaction - either by the company's own IT department or an external security service provider. A typical manual workflow takes around 35 minutes on average, whereas the automated workflow described above goes from detection to complete blocking in seconds - even for unknown threats.
Attack numbers will continue to rise - effective protection against DDoS attacks required
The increasing number of attacks on companies in the industry is causing considerable damage. It must also be taken into account that it is no longer sufficient to limit risk assessments to one's own company. Not least, the disruption to supply chains during the COVID-19 pandemic has clearly demonstrated how interconnected and vulnerable our information, goods and payment flows are today.
Companies must therefore take precautions to effectively contain the impact and duration of DDoS attacks at a technical level. At a strategic level, companies must identify, assess and ultimately contain the full breadth and depth of both internal and cross-company risks. In the world of Industry 4.0, this also means selecting partners from the perspective of resilience to cyber attacks and implementing the appropriate protection mechanisms.
The author
As Managing Director at Link11, Marc Wilczek is responsible for strategic business development, growth initiatives, marketing and sales. In addition to management functions within the Deutsche Telekom Group, he was previously Senior Vice President Asia-Pacific/Latin America/Middle East and Africa at the eHealth group CompuGroup Medical and headed up the Asian business at IT security experts Utimaco Safeware (now Sophos), among others.














