The damage caused to companies by cyber attacks doubled in the past year: the consequences of data theft, espionage and sabotage added up to a record 223 billion euros.
According to the latest study by the industry association Bitkom, the risk of falling victim to a cyber attack increased significantly in 2020: almost nine (!) out of ten companies were affected.
According to the study, the home office situation, in which many employees suddenly found themselves outside the IT security architecture, favored the attacks. The consequence: in the worst case, companies were hit by the failure of their information and production systems; nine percent of companies currently even see their existence threatened by cyber attacks.
The most common threat scenarios
Small and medium-sized companies in particular should now, at the latest, work on their “cyber resilience” and ask: how can my IT be protected from cyber attacks? We give you an overview of the most common types of attack in the past year and how you can best protect yourself.
Infection with malware
Infection with malware put German companies under particular pressure in 2020: according to the Bitkom study, 31 percent experienced such an attack. Cyber criminals try to smuggle malicious programs such as worms, Trojans or viruses into the company network via a wide variety of channels, for example via a seemingly trustworthy e-mail attachment, a malicious macro within an Office document or simply a click on a prepared advertising banner on a website. Once the malware has entered the system, it usually means that cyber criminals can take over remote control of the infected system.
Distributed Denial of Service (DDoS)
27 percent of the companies surveyed struggled with a so-called DDoS attack in the past year. Attackers aim to flood servers with so many requests from a large number of different systems that the servers can no longer perform their task. The result: systems fail for a certain period of time.
So-called spoofing (“deceive”, “fake”) was the third most common type of attack in 2020 (20 percent). This, too, is about unauthorized intrusion into a network, with the attacker faking a trustworthy identity. The goal: to obtain personal data in order to use it for further targeted attacks, for example for phishing.
Spoofing is a preliminary stage to phishing (18 percent of attacks), in which cyber criminals try to appear as a trustworthy communication partner via bogus e-mails, messenger messages or websites. In doing so, they pursue the goal of obtaining personal data with which they can subsequently, for example, plunder accounts or smuggle in spying software.
Ransomware in particular has received a great deal of media attention in recent weeks, as this type of attack has left district administrations unable to act and paralyzed supermarket chains. If a system is attacked with blackmail software of this kind, users lose access to their data and can only get it back, if at all, against payment of what is often a very high ransom. “The force with which ransomware attacks are shaking our economy is worrying and affects companies of all industries and sizes,” said Bitkom President Achim Berg. Last year, 18 percent of companies were affected by ransomware attacks, but these cases contributed significantly to the record loss of 223 billion euros.
With SQL injection (17 percent of all cases), attackers exploit security gaps that arise from programming errors in the use of SQL databases. In this way they can smuggle in database commands and possibly read out further data, change or delete it without authorization, or even take control of the entire database server.
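The programming error behind SQL injection and its fix, shown side by side as an added example that is not part of the original article. The table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, used only for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, iban TEXT)")
    db.executemany(
        "INSERT INTO customers (name, iban) VALUES (?, ?)",
        [("alice", "DE00-CONSTRUCTED-1"), ("bob", "DE00-CONSTRUCTED-2")],
    )
    return db

def lookup_concatenated(db, name):
    # Programming error: the input is pasted into the SQL text, so quote
    # characters in it change the structure of the statement.
    query = "SELECT name, iban FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Fix: the statement is fixed and the value is bound separately, so the
    # database only ever treats it as data to compare against.
    return db.execute(
        "SELECT name, iban FROM customers WHERE name = ?", (name,)
    ).fetchall()

def compare(name):
    # Run both lookups against a fresh database and return both results.
    db = make_db()
    try:
        return lookup_concatenated(db, name), lookup_parameterized(db, name)
    finally:
        db.close()

if __name__ == "__main__":
    for value in ("alice", "x' OR '1'='1"):
        weak, fixed = compare(value)
        print(f"{value!r}: concatenated={len(weak)} rows, parameterized={len(fixed)} rows")
```

With an ordinary name both lookups agree; with input containing quote characters, the concatenated query returns every row while the parameterized one returns none.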
IT security concept: protection against cyber attacks
No single measure is sufficient to ensure that your IT is optimally protected against failures caused by cyber attacks. A comprehensive IT security concept is required that takes more than technical precautions into account. It is best to let an IT expert help you with the creation and implementation of an IT security concept, because the current state of your IT must first be comprehensively checked in the following areas:
- Updates and system hardening: Are all components of the system up to date so that there are no security gaps in applications that could be a target for attack? Is there an update routine? Have appropriate precautions been taken to protect the network from the outside (e.g. with a next-generation firewall)?
- E-mail security: Is the e-mail traffic in your company protected by security solutions and encryption?
- Reliability: Is your IT structure designed to be redundant, i.e. are functionally comparable resources available multiple times so that operations can continue in the event of a failure?
- Data backup: Does your company have a backup strategy that ensures that your data can be restored if it is lost?
- Segmentation of the network: Is your network divided into subnetworks so that, for example, in the event of an attack, infected areas can be sealed off from the rest of the network?
- Employee awareness: Are your employees sufficiently trained in how to recognize phishing emails or suspicious websites, for example? The “human factor” is the main risk for corporate IT.
Cloud-based security solutions for small businesses
Small and medium-sized companies in particular are initially faced with great challenges due to the many different requirements for IT security. But there are also scalable and affordable solutions for them, such as cloud-based security applications that can be integrated into existing systems. With these you can take precautions, because the loss of data costs companies far more than an investment in IT security. So far, according to Bitkom, an average of seven percent of companies' IT resources have flowed into IT security. However, after the sharp increase in the number of attacks, they increased it significantly, by 24 percent.