The nature of cyberattacks is changing. In the past it was mostly about blackmail, today it's also about destruction. The fact that political tensions are spreading into the digital space has a direct and noticeable impact on German companies.
You have to ensure that you are cyber-resilient, because cyber defense at the national level in Germany has so far been quite patchy. The days when cyberattacks were primarily aimed at financial gain are over. Already at the beginning of the Ukraine war, Russian hacker groups intensified their attacks on German companies. As the Israel-Palestine conflict flares up, politically motivated attacks have continued to rise and are expected to increase in the coming year. The Federal Office for Information Security also found something similar in its management report on IT security in Germany.
The reasons for this? Our pro-America stance, NATO membership and the country's position as one of Europe's largest economies. All of this makes Germany a prime target. The attacks are also an expression of political and ideological disputes that are taking place on the digital battlefield. Unfortunately, national cyber defense at the state level is practically non-existent in Germany. This means that companies themselves are obliged to take effective precautions.
What companies can do
Organizations must be prepared not to be able to negotiate with blackmailers after an incident, but rather that hackers from totalitarian states or terrorist organizations are behind it. And these are about infiltrating systems, deleting information and rendering it incapable of action. Those responsible should therefore focus on strengthening their cyber resilience. The NIS2 directive, which came into force in January this year, can and should serve as a guide. It marks a decisive step by the EU to establish a uniform level of security for network and information systems in all member states and to make democracies more resilient. Compared to the first version, the area of application has expanded significantly. While the first version focused on companies and organizations from the direct KRITIS environment and the private sector was only slightly affected, the circle has expanded significantly with NIS2.
Affected organizations must take action to limit the impact of cyber threats, strengthen resilience to attacks, and improve the ability to quickly recover from a security incident. Implementing best practices such as ISO standards and IT-Grundschutz is a solid start. External security consultants and managed security service providers can provide valuable assistance here, because modern security technology is complex and requires know-how and sufficient resources.
Nationwide cyber resilience
However, it is regrettable that the NIS2 directive formulates exceptions that affect the public sector. These loopholes allow you to avoid implementing IT security measures. Since state institutions are preferred targets for attackers given the current global political situation, it can be assumed that this is hindering Germany's overall security progress. In order to make the country sufficiently resilient, we should fundamentally consider the possibility of a nationally organized cyber defense, as the USA, England or Australia are already doing and anchor this in the Bundeswehr, for example. Because IT security is an essential part of national defense today. We have to be aware of that.
More at Indevis.de
About Indivis
Certified according to the international standard ISO/IEC 27001, indevis IT-Consulting and Solutions GmbH is one of Germany's leading Managed Security Service Providers (MSSP) with services that are both cloud-based and on-premises. The company has been setting security standards in information technology for over 20 years and provides suitable IT security, network and data center solutions for customers of all sizes and industries.
Matching articles on the topic