Solutions & Products
Stage-Cyberresillienz-unsplash

How to Make Your Company Resilient to Cyberattacks

A Cyber Resilience Strategy, Which Helps Prepare Organizations for a Cyber Attack.

Increase the resilience of your production against cyber attacks
16.06.2022
Digital Transformation
Security

It's not a question of if your company will fall victim to a cyber attack, but only when. Cybercriminals can still reach the target despite all cyber security measures. A cyber resilience strategy helps to secure business operations as much as possible.

"Business model" extortion flourishes
Increase resilience against cyber attacks
Conclusion

Reports of cyber attacks on companies appear in the press almost weekly. Manufacturing companies are increasingly becoming the focus of cybercriminals - examples include a leading agricultural machinery manufacturer, an automation technology company, a supplier of printing inks, and a producer of pumps and valves.


This is apparent: If production processes are paralyzed for several days or weeks, companies are threatened with significant monetary damages, customer losses, and image damage. This makes them worthwhile targets for blackmail from the cybercriminals' point of view.

"Business model" extortion flourishes


To do this, hackers gain access to their victims' systems. At the end of the attack chain, they execute ransomware and encrypt the data of the affected company. The data is only rereleased against the payment of a ransom.
 

This "business" seems to be flourishing - according to industry association Bitkom, damage caused by ransomware rose from 5.3 billion euros in 2019 to 24.3 billion in 2021. The German Federal Criminal Police Office (BKA) sees 2021 as "the year of ransomware." According to the BKA, Germany is affected by ransomware attacks with above-average frequency in an international comparison.


In our free briefing, "Cybersecurity in production - the eight most important aspects," you can find comprehensive information on the topic.

Manufacturing companies, in particular, face significant challenges in terms of cyber security. In the world of Industry 4.0, the systems of classic IT are merging with those of operational technology (OT) in production. On the one hand, this convergence brings new opportunities for more flexible displays. Still, on the other hand, it also poses enormous risks in terms of security, and this risk is vastly underestimated. For example, in preparing its Digital Defense Report 2021, Microsoft found that 20 million devices were accessible via the preset password "admin."


With Sentinel and the various Microsoft Defender products, Microsoft offers solutions for intelligent, company-wide security and threat analyses, for which a connector for SAP systems is also available. This means that companies can also continuously monitor their SAP systems around the clock - an essential step in implementing a holistic security strategy.

Increase resilience against cyber attacks

Cyber security refers to the methods and procedures used to protect electronic data. This essentially involves the technical protection of systems against intrusion by hackers and the response to attacks. Technological solutions for security information and event management (SIEM) and security orchestration, automation, and response (SOAR), for example, enable threats and attacks to be detected early and responded to accordingly.


However, experience shows that even the best technical solutions cannot guarantee one hundred¬ percent protection. Companies should therefore prepare for the worst-case scenario. The cyber resilience approach describes how you can increase your company's resilience against attacks from cybercriminals. Consider the following eight tips if you want to develop and implement a cyber resilience strategy that is as efficient as effective.

1. create awareness among employees

To put it bluntly, people are considered the weakest link regarding cybersecurity. It is all too easy, for example, to unthinkingly click on a link in an email during a stressful working day, which cybercriminals use to gain access to systems. All employees must be aware of their responsibility to avert such dangers from the company.


Regular training and tests, such as simulated phishing emails, help build the appropriate awareness and keep knowledge of cyber security issues up to date.


2. implementation of a cyber hygiene policy

The development of a guideline for "cyber hygiene" is urgently recommended. This must be understood as a whole range of regulations that all employees must support. The package of measures aims to minimize the risk of cyber attacks by consistently following specific rules.


The cyber security systems themselves must always be optimally configured and kept up-to-date. This also applies to all applications - effective patch management ensures that all (security) updates are installed. Password policies, access management, regulations for secure remote access, network segmentation, backup strategy, and, last but not least, email security - are all aspects that should be considered in a cyber hygiene policy.


3. assessment of the internal IT and OT systems

One crucial task is to record all IT and OT systems. This should also include logging which processes are handled via the respective systems and how business-critical they are. The collaboration of the systems, for example, via interfaces, should also be analyzed and documented. On the one hand, this helps to identify security gaps and, on the other, to react in a targeted manner in the event of a cyber attack.



Companies that do not want to build up internal resources for this purpose can also rely on service providers to operate a SOC.


5. establishment of a security operations center

Cybercriminals are becoming increasingly professional and "work" around the clock. To ensure smooth business operations, it is, therefore, necessary to continuously collect, correlate and evaluate data relevant to IT security. To this end, setting up a Security Operations Center, or SOC for short, is advisable.


Such a control center monitors the company's entire IT infrastructure "24/7" - networks, servers, workstations, and Internet services. The data collected, such as log files, is analyzed in real-time to identify anomalies at an early stage. If necessary, the concerned departments are informed, and measures are taken to protect data and applications to ensure business continuity.


Companies that do not want to build up internal resources for this purpose can also rely on service providers to operate a SOC.


6. development of an emergency plan

If despite everything, cybercriminals are successful in their endeavors, a predefined emergency plan helps to act in a level-headed manner. This plan should define the relevant internal responsibilities and a reporting chain. It should also describe the critical business processes, protective measures, and procedures for (step-by-step) restoration of the ability to work.


Cooperation with external service providers should also be regulated - who will provide support and to what extent? The plan should also include guidelines for communicating the incident to the outside world, for example, to inform customers and partners.


The Federal Information Security Agency provides valuable guidance for creating an IT contingency plan.


7. simulations of attacks reveal attack potential

Regular stress tests and penetration tests are invaluable when preparing the company to cope with cyber attacks. If the internal reporting chain is functioning, if thought is given to informing customers and partners, for example, and if the defined measures to contain and defend against the attack are initiated - a simulation will help uncover possible attack potential.


8. establish cyber resilience as a business process

Cybercrime is constantly evolving. In the meantime, the extortion of companies, in particular, has advanced to become a real "industry" in which cyber criminals cooperate with service providers, for example, to execute the attacks or "the payment system.


To keep pace, companies need to understand that cyber security and resilience are not one-off tasks. They should be understood as business processes that need to be continuously developed and maintained.


Conclusion

Today, companies should expect to become victims of cyber attacks. It is therefore essential to strengthen the resilience of structures and processes against such threats to safeguard business operations as far as possible and avert damage to the company. A holistic cyber resilience strategy is the tool of choice.

Would you like to set up your Operational-IT securely?

Dann laden Sie sich jetzt unser Briefing herunter!

Cybersecurity for SAP in Manufacturing and Production

Criminals are increasingly attacking production systems and paralyzing entire companies. Our security briefing summarizes the 8 most important points.

Written by

Becker, Oliver_00708305
Dr. Oliver Becker
Expert for the Digital Transformation of the Manufacturing Industry