Joachim Ringelnatz, the author of humorous poems, has put it in a nutshell: "What is certain is that nothing is certain. Not even that." Less humorous for those affected is the threat of cyber attacks by criminals. After all, 45 percent of VDE member companies are of the opinion that their IT systems are not sufficiently protected. Medium-sized companies in particular are increasingly finding themselves overburdened when it comes to financial and personnel resources to protect their IT security.
The VDE has reacted to this by creating the "Competence Center for Information and Corporate Security", an opportunity to support SMEs in IT security issues. With this competence centre, VDE wants to help medium-sized companies in particular with the analysis and implementation of cyber security. According to VDE boss Ansgar Hinz, the association also wants to assist companies in complying with "legal and regulatory requirements".
Companies must not only arm themselves against hacker attacks, but also meet the requirements of the EU Data Protection Ordinance (DSGVO). The IT security law and governance risk compliance must also be complied with. This costs money and requires competent personnel. The latter is difficult to get, as the market for experts is almost empty. A dilemma that overwhelms many medium-sized companies. On the one hand, bureaucratic requirements must be adhered to; on the other hand, security gaps can threaten their existence.
"Our experts carry out a GAP analysis based on the BSI Basis Cyber Security Check and the ISO27001 Security Check," says Ansgar Hinz. According to its statutes, the VDE is obliged to help its members meet security requirements. In addition to the analyses mentioned, further measures can be taken as required to optimise the "security level according to internationally recognised frameworks and standards". This holistic approach provides companies with affordable and workable solutions "to address existing cyber risks in a targeted manner and support companies in complying with compliance requirements. This saves money and provides security," says Ansgar Hinz.
Ryuk" is a new pest that the Federal Office for Information Security (BSI) has expressly warned against. According to the findings of the BSI, several companies in Germany are already infected by this encryption software. "Ryuk" uses two older Trojans. The malware makes blackmail attempts possible and should therefore not be underestimated. Ansgar Hinz explains that "according to a survey, four out of ten VDE member companies and universities were already affected by cyber attacks". Another 40 percent do not know whether they have been attacked. From Hinz's point of view, the number of unreported cases is much higher. Security is no longer achieved by implementing technical measures alone.
The VDE boss concludes that "governance, risk and compliance play at least as important a role. In this respect, the establishment of the "Competence Center for Information and Corporate Security" is not an arbitrary service offer, but a necessity. The Competence Center is an important contribution to IT security. Especially medium-sized companies are addressed with it. If you take up the offer, they are noticeably relieved both financially and personnelwise and can dedicate themselves more relaxed to the everyday business. Above all, the VDE Competence Centre offers the great advantage that companies are protected against new cyber threats faster and more effectively. Because "it is certain that nothing is safe".
This latest report from ClubCISO, a Telstra Purple community, provides an overview of the...