Viewing everyday life through the eyes of a hacker – the ideal approach when it comes to uncovering ransomware attacks and phishing emails in an office environment. This might sound a little over the top at first. However, it is an entirely logical approach in view of the current threats that companies in Germany and further afield face with regard to hacker attacks. According to Bitkom, losses inflicted on the German economy due to ransomware attacks in 2020 amounted to EUR 24.3 billion. In Germany, this makes cyber incidents the second most dangerous risk to companies, as this year’s Allianz Risk Barometer shows. On the global stage, they rank as the number one risk. The European security initiative CyberSec4Europe recently announced a possible solution: make it mandatory to incorporate preventive defence measures into the training curriculum for many jobs in the future. This is the only way to train employees to become aware of cyber-risks at an early stage, thus making life more difficult for hackers. Read on to learn why this recommendation is a good idea and how it can help boost security at your company.
Based on worldwide comparisons, cyber incidents are currently at the top of the list of the biggest worries of companies. This is also confirmed by the eleventh Allianz Risk Barometer, which surveys more than 2,650 experts from 89 countries each year: cyber risks are in 1st place at 44%, followed by business interruptions at 42% and natural disasters in third place at 25%. Since the economic effects of the COVID-19 pandemic now appear to be less severe than two years ago, they are ranked in fourth place.
When extortion tactics are not enough
The situation in Germany appears similar. Although companies are most concerned about business interruptions (55%), this is closely followed by cyber incidents in second place (50%). Key influencing factors here include the unusually high numbers of ransomware attacks in the past year during which company data was encrypted and used for extortion, as well as the emergence of other worrying hacker trends. For example, criminals are increasingly resorting to double extortion tactics involving the encryption of systems and the theft of data. The biggest problems in this context are the low barriers to entry for hackers – ransomware software is relatively cheap, easy to use and profitable, at the expense of the affected companies. For this reason, more and more companies are improving their security precautions and developing emergency response plans to ensure that they retain the ability to respond to business outages or data leaks.
One possible solution: making anti-hacker measures part of the training now
Given the increasing number of cyber incidents, the European security initiative CyberSec4Europe recently argued for a revision of the training framework for application areas. The pilot research and innovation project aims to strengthen, develop and manage the cybersecurity capacities necessary to safeguard and maintain European democracy and the integrity of the digital internal market. This should go beyond the technical understanding to include systematic training for future employees such as secretarial staff or office administrators in the areas of cybercrime, malware, spam and other hazards. The sooner employees learn how hackers think and act, the more aware they become of hackers’ activities and the threats they pose. As a result, employees behave more responsibly in their companies, contributing independently to security within the company. In the long term, the success rate of cyber-attacks can then be reduced.
Security education for specific user areas
Although universities offer a wide range of specific degrees in security technology or cryptography, there is a lack of security awareness training for specific application areas. These include doctors’ practices and hospitals, which handle sensitive patient data every day, as well as industrial and trade businesses that rarely see themselves as targets for hacker attacks. However, appearances can be deceptive because company size is rarely important to cybercriminals. In reality, their primary goal is to inflict a high degree of damage on as many people as possible in the shortest possible time.
Strong security barriers thanks to ethical hackers
However, the use of ethical hackers is also becoming increasingly attractive to companies. In this scenario, organisations will explicitly employ computer security experts to put internal company IT systems to the test in an unbiased manner as if they were genuine hackers – the goal being to identify vulnerabilities in the digital system, evaluate security risks and then work constructively with the company to eliminate them. What sets this method apart from criminal activities? Although ethical hackers deploy the same expertise and tools as their criminal counterparts, they have permission to hack and they do so in a transparent manner. All steps are meticulously documented and backed up by recommended actions. Whereas employees can protect companies during their everyday work, ethical hackers check the security barriers of the digital infrastructure if necessary. From a long-term perspective, this makes it possible to set up a security concept that makes hacker intrusions almost impossible.