Three questions to Helmut Brechtken, Warth & Klein Grant Thornton AG. The cyber security expert will be speaking at the ISDs 2019 on the topic “Cyber Attacks & Cyber Incident Response – Reports from current investigations”.
Mr. Brechtken, which attack methods are you currently seeing on the increase?
Right at the top of our internal statistics are attacks using ransomware. Sooner or later, the majority of companies make the acquaintance of such extortion software. Many attacks succeed, and cyber criminals can block access to important company data by means of an encryption Trojan, and demand a ransom. For the last five years, we have also been witnessing the phenomenon of Fake President or CEO fraud more and more often – meaning the attempt by cyber criminals to impersonate the company boss and arrange payment to be made to overseas accounts. Banking fraud has also seen considerable growth. Cyber criminals intervene in the email communication between customer and supplier, and tamper with the bank account details on invoices, for example, redirecting payments to their own accounts.
How do you find out who could be behind attacks on companies?
Cyber criminals pursue a range of interests with their attacks, which enables conclusions to be made about the offender. For some, it’s about money, others want to get their hands on know-how through industrial espionage. We observe certain patterns in these attacks, which are typical for attackers, for example, from particular hacking groups or from a particular country. Further indications are the time of the attack and the tools used.
What are you currently advising companies to do for their own protection?
It is very important to keep the cyber awareness of staff permanently at a high level. Phishing emails remain an important gateway for cyber attacks. Companies should regularly sensitize their staff to the dangers. It is just as important to always keep the company systems up-to-date – so, promptly installing patches for company software and operating systems. The malware WannaCry and Petya/NotPetya demonstrated the devastating consequences that unpatched vulnerabilities can have. What companies should do over and above this, in order to create an appropriate security level, depends on the situation in the company. A cyber security audit is a good possibility to find and rectify weaknesses in the cyber defense of a company.