The longer an attack goes undetected, and the longer it takes to eliminate its effects, the more the costs for the affected company rise, to an unforeseeable extent. According to Bitkom, the damage to the German economy in 2020/2021 amounted to approximately 225 billion euros. Unfortunately, these cost explosions are also driven by the fact that companies continue to invest too little in proactive measures, such as Cyber Threat Intelligence (CTI) or self-initiated vulnerability tests (penetration tests). Threats are steadily increasing because attack techniques are becoming more sophisticated and applications are simple enough even for “inexperienced” hackers to use. The central challenge in defending against attacks is therefore the early detection of activities in the network.
Employees are the first line of defense
Early detection, however, also depends on the involvement of all of a company’s employees. Awareness campaigns can highlight the threats posed by a cyberattack and involve all employees in the process of increasing a company’s IT security. After all, if everyone is aware that they are the first line of defense against a cyberattack, potential attackers will have fewer chances to succeed, for example, by means of phishing emails.
Security Operations Center for all company sizes
Large companies implement their own Security Operations Centres (SOCs), which are tasked exclusively with monitoring network activities around the clock. For small and medium-sized enterprises, a SOC is far too great a financial outlay. Nevertheless, there are feasible options in which an external service provider takes over the monitoring and evaluation of internal information. This is precisely what the SOC service of RADAR and Materna provides. With its deployed solution, the SOC monitors logs from operating systems, servers, databases, routers and other systems in the network. If the system finds any conspicuous actions, the SOC team from the RADAR Cyber Defense Center immediately informs the Materna CSIRT, which then initiates an immediate response together with the company, depending on the agreement. This service can, for example, minimise the data encryption that a successful ransomware attack threatens.