Hackers access data at Darmstadt-based Software AG. A cyber attack slows Hesse’s school portal in the middle of the corona pandemic. The insurance company Haftpflichtkasse in Roßdorf in the south of Hesse has to take the entire IT system off the network after such an attack, data flows away. Cities, universities, authorities and hospitals are in some cases paralyzed by malware. Investigators continue to expect cybercrime to become increasingly relevant due to increasing digitalization and the perpetrators to become more professional.
All Hessian municipalities checked – results sobering
There are gateways for criminals everywhere. The Darmstadt start-up company LocateRisk has examined the risks associated with this in communities, DAX companies and banks. The results are sobering. This summer, LocateRisk checked all 422 Hessian municipalities and found 74 percent to be at risk of data theft due to partially impermissibly encrypted data transmission. For 31 percent, not all database systems were adequately secured, and almost a quarter were threatened with attacks due to outdated software.
“If a computer is accessible from the Internet, there can be security gaps there,” says the founder and head of LocateRisk, Lukas Baumann. Data theft is also possible for crooks from all 28 companies in the DAX that his company has checked. 23 did not adequately protect their database systems. The 26-year-old does not know how many municipalities or companies that were checked for vulnerabilities by LocateRisk actually fell victim to cyberattacks. He only points out possible security leaks. “We deliver a prioritized list of recommendations for action, but we also find possible partners.”
Cybercrime cases are on the rise, the clearance rate is low
The extent of digital robberies or the crippling of infrastructures, often accompanied by blackmail attempts, shows the cybercrime situation report by the Federal Criminal Police Office. From 2016 to 2020, the number of recorded cases in Germany rose continuously from 82,649 to 108,474. The clearance rate in 2020 was not even a third.
For security agencies, this is by no means the full extent. “However, a correspondingly high number of unreported cases can be assumed, since companies do not always turn to the police because, for example, no damage has occurred, there are fears that the incident will become public knowledge and thus a loss of reputation could occur,” says a spokesman for the Hessian Ministry of the Interior. In addition, in some cases the interest in restoring the data outweighs that in law enforcement.
Great economic damage
The digital association Bitkom put the damage dimension in August at 220 billion euros for 2020, more than twice as much as in previous years. According to a study by the association, nine out of ten companies in Germany were affected by data theft, espionage or sabotage. According to the latest information from Bitkom, for fear of blackmailers and data leaks, investments in IT security are expected to exceed the threshold of six billion euros for the first time.
“The companies suffer great economic damage from attacks in the area of cybercrime,” says the Hessian Interior Minister Peter Beuth (CDU). With the Hessen Cyber Competence Center “Hessen3C”, the state, in cooperation with security and judicial authorities, offers help with prevention and, above all, with real attacks.
Learn how to deal with extreme situations
Training opportunities have also been available at the Fraunhofer Institute for Secure Information Technology since April. “Unfortunately, due to the corona situation, we couldn’t start the way we actually planned because we first had to switch to online training,” says the IT security expert at the Fraunhofer Institute and the national research center for applied cybersecurity “Athene”. Haya Shulman. So far, participants from around 30 organizations have taken part. The inquiries have been increasing for a quarter of a year.
“On the Cyber Range, teams can learn and test new approaches and solution strategies. And they can expose themselves to extreme situations with the corresponding stress level,” says Shulman. Incidentally, the problem is less the know-how of the people than the security budget. “In general, companies are advised to invest 10 to 15 percent of their budget in IT security, but very few do that.”
The start-up Baumanns, funded by the Federal Ministry of Research with 730,000 euros, only uses the main domain for its analyzes and finds all connected systems and weak points from there, which should then be eliminated. Large companies usually have no problem staying on the ball here: “The big ones have the right people, they can also afford it.” Elsewhere he is more likely to see defects. “IT departments are often poorly staffed, and they openly admit that.”