The global and independent platform for the SAP community.

Recklessness promotes cyberattacks

Phishing attacks are among the greatest threats to IT security. A targeted reduction of the vulnerabilities that cybercriminals use to gain access to their victim's system is called for.
Xenia Joselew, FIS-ASP
November 9, 2022
This text has been automatically translated from German to English.

Phishing attacks are particularly popular among cybercriminals, who try to obtain confidential and sensitive data by deceiving or misleading their victims. This type of attack is classified as social engineering. In addition to e-mail attacks, social engineering also includes USB dropping, fake text messages via SMS, and fictitious telephone calls. In the e-mail case, the message contains a malicious attachment or a link to a "fake" site. Profits or inheritances are promised, but the mail can also look like a legitimate offer from a known supplier or customer, so that the potential victim's inhibition threshold for interacting with it is as low as possible.

Weakest link

Ultimately, the human factor is the decisive point. If employees, as the supposed last line of defense, do not question the email addressee or content but interact with it, the risk of a successful attack is extremely high.

Such attacks can ultimately lead to enormous financial and reputational damage for companies. A possible loss of trust among customers and partners, costs for the outflow of data and knowledge, the elimination of consequential damage, possible production downtimes or order cancellations are just a few of the possible consequences that could arise in the event of a successful cyber attack. 

When data has been encrypted, the encryption technology used, which is adapted again and again, is usually not easy to break in order to regain access to the data. Companies that have not backed up their own data regularly and explicitly protected it should nevertheless not pay the demanded ransom under any circumstances and should instead seek advice from experts on how to proceed. After all, it is questionable whether the systems will even be decrypted after the ransom is paid.

Cybercriminals will continue to resort to phishing attacks in the future, as the already existing technical security of many systems reduces their attack possibilities and, as a result, humans can now be considered the weakest link in the chain. Moreover, such attacks can be carried out with significantly less know-how and on a larger scale than classic hacker attacks. Ultimately, the success rate is decisive: regardless of the size of the company, one distracted or careless employee is enough to trigger serious consequences for the company. In percentage terms, for example, it is enough for one person out of 1000 employees (= 0.1 percent) to fall for the phishing mail. Such a high probability of success hardly exists in any other attack scenario and is accordingly underestimated - especially in the SME sector, where funds and resources for IT security are often scarce and sufficient know-how is not available.

Regular training

The decisive keyword is: awareness. Repeated, well-constructed awareness measures for employees that are adapted to the current security situation are the key to taking the wind out of the sails of phishing attackers. After all, without human interaction with the compromised mails, there is usually no increased risk - provided the company's technical measures correspond to a currently required security level. In addition, awareness training is inexpensive when compared to the recovery costs after a cyber attack. However, this type of awareness training must take place regularly and always adapt to the current security situation.

https://e3mag.com/partners/fis-asp/
