The industry association for the German information and telecommunications sector Bitkom puts the financial loss from cyberattacks, blackmail software and malware for the domestic economy alone at an unimaginable 200 billion euros in 2022. This is because, on the one hand, attacks are increasing with rising user numbers (not only on cloud solutions). On the other hand, the international IT security situation has become even more acute since the war in Ukraine.
What are politics doing to counter the increasing threats?
One measure to assess and strengthen the cybersecurity situation in Germany is to promote cooperation between politics, industry and science. Every year, the Potsdam Conference on National CyberSecurity brings together representatives from the German Bundeswehr, the German Foreign Office, and the ministries of education and research, digital affairs and transport, and other relevant areas. Topics range from critical infrastructure protection and industry to information warfare and fake news to employee awareness.
How can companies protect themselves?
Enterprises, SMEs and government agencies need and want their sensitive data to be well protected. It is not only confidential documents such as plans, statements, invoices, personal information about employees and customers, but also video content and much more. Under no circumstances should these be leaked to the outside world. This is because criminals specifically seek out their victims in cyberattacks. They target specific individuals, companies, organizations and authorities in order to harm them, be it through data theft in order to sell them on, or through blackmail in order to enrich themselves. But sabotage to damage competitors or espionage to tap knowledge and information are also common.
This is because criminals specifically seek out their victims in cyberattacks. They target specific individuals, companies, organizations and authorities in order to harm them, whether by stealing data to sell it on or by blackmailing them to enrich themselves. But sabotage to damage competitors or espionage to tap knowledge and information are also common.
Employee training
To ensure that employees become a stable security factor rather than a risk factor, their awareness must be raised. On the one hand, regular employee campaigns and training sessions help to improve knowledge about IT and information security. Training courses in which employees take on the role of a hacker, for example, in order to learn about a wide variety of cyber attack possibilities, help in the long term to identify and ward off threats more quickly. The more educated employees are about threats, the more they behave prudently and can increase security within the company.
Attacks on corporate supply chains have also increased, making IT security prophylaxis necessary there as well. In this regard, employee training also provides support against phishing attacks. Regular updates and anti-ransomware toolkits are equally useful. Crisis and, above all, response plans can make a significant difference if the worst comes to the worst; they could reduce downtime and consequential costs enormously.
Fixing vulnerabilities
On the other hand, further vulnerabilities should be identified. For example, the increasing number of apps and software, or rather their interfaces, represents a problem. These application programming interfaces (APIs) consist of program code that enables the interface to pass on information. Since APIs form a kind of bridge between apps, API security must come into focus. For example, credentials, highly sensitive data, are exchanged here. If the APIs are not sufficiently secured or are defective, they are therefore the particularly sore points in security. This can be remedied by tools such as API scans, which allow them to be analyzed by experts. These scans also provide guidance to programmers on how to fix vulnerabilities. But before they are implemented in a larger environment, they should be extensively tested and properly secured if necessary. Otherwise, the interfaces could become one of the biggest sources of data leaks in the future.
Implementation of software solutions
Last but not least, technical (software) solutions help. They are a proven means of protection, especially the on-premises solution. These are the safest way to protect the company’s data from external access or even data loss. For this reason, VIMP, with solutions specialized for companies, continues to offer completely self-contained operation in the customer’s own data center – i.e. on-premises – in addition to hosting offers. In doing so, control of the data remains with the company itself at all times and is not outsourced externally.
Because one thing is also clear: IT security in a company is a joint project and not just the task of the security team.
Discover more about VIMP’s security measures:
GDPR-compliant video management platform of VIMP
If you would like to learn more about VIMP’s solutions and implementation options, please feel free to contact us via our contact form or by phone at +49 (0) 89 1200 1020.