The global and independent platform for the SAP community.

Recklessness promotes cyberattacks

Phishing attacks are among the greatest threats to IT security. A targeted reduction of the vulnerabilities that cybercriminals use to gain access to their victim's system is called for.
Xenia Joselew, FIS-ASP
November 9, 2022
it security header
avatar
This text has been automatically translated from German to English.

Phishing attacks are particularly popular among cybercriminals. They try to obtain confidential and sensitive data by deceiving or misleading their victims. This type of attack can be classified as social engineering. In addition to e-mail attacks, this also includes USB dropping, fake text messages via SMS, or fictitious telephone calls. In the case of e-mail traffic, the mail contains a malicious attachment or link to a "fake" site. Profits or inheritances are promised, but it can also look like a legitimate offer from a known supplier or customer, so that the inhibition threshold for interaction by the potential victim is as low as possible.

Weakest link

Ultimately, the human factor is the decisive point. If employees, as the supposed last line of defense, do not question the email addressee or content but interact with it, the risk of a successful attack is extremely high.

Such attacks can ultimately lead to enormous financial and reputational damage for companies. A possible loss of trust among customers and partners, costs for the outflow of data and knowledge, the elimination of consequential damage, possible production downtimes or order cancellations are just a few of the possible consequences that could arise in the event of a successful cyber attack. 

In the case of encryption, the encryption technology used in each case, which has been adapted again and again, is usually not easy to break in order to regain access to the data. Companies that have not backed up their own data regularly and explicitly protected it should nevertheless not pay the ransom demanded under any circumstances and instead seek advice from experts on how to deal with the situation further. After all, it is questionable whether the systems will even be decrypted after the ransom is paid. 

Cybercriminals will continue to resort to phishing attacks in the future, as the already existing technical security of many systems reduces their attack possibilities and, as a result, humans can now be considered the weakest link in the chain. Moreover, such attacks can be carried out with significantly less know-how and on a larger scale than classic hacker attacks. Ultimately, the success rate is decisive: regardless of the size of the company, one distracted or careless employee is enough to trigger serious consequences for the company. In percentage terms, for example, one person is enough for
1000 employees (= 0.1 percent) falling for the phishing mail. Such a high probability of success hardly exists in any other attack scenario and is accordingly underestimated - especially in the SME sector, where funds and resources for IT security are often scarce and sufficient know-how is not available.

Regular trainings

The decisive keyword is: awareness. Repeated, well-constructed awareness measures for employees that are adapted to the current security situation are the key to taking the wind out of the sails of phishing attackers. After all, without human interaction with the compromised mails, there is usually no increased risk - provided the company's technical measures correspond to a currently required security level. In addition, awareness training is inexpensive when compared to the recovery costs after a cyber attack. However, this type of awareness training must take place regularly and always adapt to the current security situation.

https://e3mag.com/partners/fis-asp/

avatar
Xenia Joselew, FIS-ASP


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.