Cybercriminals are increasingly well organised, and the risk and consequences of a cybersecurity incident are underestimated by many, explains Chris Lichtenthäler, Senior Manager at auditing firm Deloitte, in an interview:
You talk about “Crime as a Service” – how well organised are cybercriminals?
That depends a lot on the group of perpetrators. These range from unorganised small groups and individuals to highly professional organisations, some of which also work with state support. Within the latter, there are now also different departments, such as the development department, the testing department (for testing new malware) and distribution or sales. In this area, services are brokered to other criminal organisations or actors and then rented out. In some cases, it is no longer possible to identify exactly who is behind an attack, but often only which “platform” is being used.
What impact does this have on the cyber security of SMEs in Germany?
Organised cybercrime attacks have a multi-layered impact on the cybersecurity of SMEs. The classic consequences include the compromise of data and systems, business interruption damage and subsequent IT recovery costs. Data leaks represent an increasing trend, whose probability of occurrence and possible consequences (e.g. data protection issues, potential fines) are still frequently underestimated by companies and should therefore be given special attention.
What concrete measures can companies take to minimise cyber risks?
Basically, we recommend the gradual introduction of common sector and industry standards. In particular, a functioning backup, multifactor authentication and threat intelligence systems are a must-have. In addition, companies and organisations need to invest far more in education and awareness to increase their level of protection effectively. Being well prepared for the possible occurrence of a cybercrime incident can additionally reduce downtime and minimise damage significantly.
