Lothar Hänsler, COO of Radar Cyber Security

“Corporate systems should be continuously checked.”

An assessment by COO Lothar Hänsler on current cyber attacks and possible implications for corporate IT security.

First of all, I would like to point out: There is currently no reason to panic! However, this does not mean that one should now sit back and relax. A state of alert is always appropriate. In concrete terms, that means being even more vigilant in cyber security at the moment and prepared for possible attacks.

Sharpen your cyber senses

It is a good idea to look at things holistically.

  • Business continuity: what is happening outside of cyber security to keep business running? Which departments are affected by potential changes?
  • Employees: what does the war in Ukraine mean for employees? How do they feel about it? Do they possibly fear losing their jobs?
  • Supply chain: Is one’s own supply chain affected and what does that mean for the company? How do you react to bottlenecks?

Even though the fighting in Ukraine may seem far away at first and your own company is not affected, your business could still become the focus of cyber attacks in our interconnected world. We only have to remember NotPetya. This attack initially looked like an extortion Trojan. Malware attacks in Ukraine suggest that the malware was likely placed in the target network long before the actual impact, as a kind of “sleeperware.” It is therefore not impossible that such malware is already waiting to be activated in our networks as well. But even if neither the payment of a ransom nor the use of cyber insurance really “helps” with this type of malware, the issue of ransomware is not off the table. After all, some countries whose funds are currently frozen abroad may quickly need money from foreign sources. The activities of some self-proclaimed cyber-warriors are not without risks either. The actions of the other side are difficult to gauge, and there could be collateral damage in the process.


Good preparation can protect companies

So it is important to keep cyber security measures up to date and continuously check your own systems for possible attacks or preparations for them. Basic cyber hygiene measures are also still in order:

  • Always keep your system up to date: system and software updates mostly include security patches that respond to the latest cyber threats.
  • Match access rights to necessities: Each employee should only be given the rights they really need.
  • Don’t allow weak passwords: Rules on minimum length, upper and lower case, and special characters help employees use strong passwords.
  • Use multi-factor authentication: Even if a hacker cracks the password, for example, they may still fail other authentication checks, such as an ID card or a fingerprint.
  • Make regular backups of your data: These should be kept isolated in a separate and secure location.
  • Don’t open suspicious emails – and certainly don’t open files or links in the emails, as these could lead to malware infiltration.
  • Always use up-to-date antimalware and antivirus programs: These programs in particular should always be up to date for the best possible protection.

On top of that, companies should also prepare themselves for an emergency:

  • Prepare for widespread outages of critical infrastructure (for example, triggered by a power outage): Create incident response plans for this (and keep them up to date), determine who should be informed and when, and train your employees for emergencies.
  • Keep incident response plans accessible: Print the plans and store them so that they are quickly at hand in the event of an emergency, even if the data can no longer be accessed on the network. This also applies to contact lists.
  • Keep in touch with a reliable incident responder: Should widespread attacks occur, incident responders will be in high demand. It is therefore all the more important to have an incident responder on hand at an early stage. Ideally, the incident responder should already be supporting the company in the creation of incident response plans. In the event of a cyber attack, the incident responder manages all activities to restore the company’s data, its ability to act and its cyber security.