With the outbreak of the corona pandemic in spring 2020, the already steadily increasing number of cyberattacks almost exploded – across all industries and company sizes. G Data, a German software provider for IT security, stated that it had to fend off almost a third more attacks in March of last year than was the case a month earlier. A study by IDC, for which a total of 210 organizations with more than 100 employees in Germany were surveyed in August, shows something similarly terrifying. The result: In 78 percent of them, hackers had successfully gained access to the system.
The reason for this is in many cases the increased work from the home office. In order to be able to access the internal servers outside the company, employees have to dial in using a VPN or use cloud technologies, and collaboration tools such as Microsoft Teams and Slack are now increasingly being used. These are essential for companies to be able to remain legally competent even during the crisis and the associated contact restrictions. On the other hand, this also creates additional security gaps and cyber criminals have an easy time of it.
Anyone can become a victim
Both large media companies such as the Funke media group and the US government are among the prominent victims of the past few months. However, the attacks become particularly perfidious when the fraudsters focus on the health system or specifically the distribution of Covid-19 vaccines. After Interpol and the Federal Office for Information Security had warned against such attacks, the IT group IBM also announced in December that it had observed corresponding phishing attacks. As reported by the Reuters news agency, there were connections to Iran, Vietnam, North Korea, South Korea, China and Russia during the attacks. The aim of the attacks was to obtain information about the treatment of infected people and the cold chain of the vaccines that are currently so popular in order to identify possible weak points.
Compared to other front runners like Israel, vaccination in Germany is progressing rather slowly anyway, which is causing a lot of resentment among the population. There is a lack of transparency and targeted strategies. But one thing in particular is missing – and that is a sufficient number of vaccine doses. The British-Swedish manufacturer Astra Zeneca is currently the subject of criticism. Although the EU co-financed the development of the vaccine and paid a total of 336 million euros to the pharmaceutical company, it now reports a bottleneck in the planned delivery. So there is still room for improvement in the fight against the pandemic. It is hard to imagine what additional damage hackers could do in view of the rather shaky progress.
Security risks cause stress
But it is not only the increased cyberattacks that pose a major problem for companies. At least as dramatic are the consequences of the increased security risks for employees – and above all for IT managers. Tim Berghoff, who works as a security evangelist at G Data Cyber Defense, explains: “Especially in companies that previously did not offer home office, the stress level for IT managers has risen sharply. Administrators had to provide the appropriate IT infrastructure and the technical equipment in the shortest possible time to enable as many employees as possible to work from home. IT security was often neglected. ”But the work that internally employed and externally consulted IT experts previously performed has also fundamentally changed in the wake of the two lockdowns. Instead of being able to solve connection problems or errors in hardware and software on site as usual, they now have to rely more on remote maintenance. And the use of cloud-based solutions, which are essential for the home office, also brings with it completely new challenges. This massive change and the associated changed safety regulations leave traces.
Also interesting: Fear of third-party tools increases after Solarwinds hack
To what extent the increased risks specifically affect companies, IT managers and employees, the messaging provider Wire recently investigated in a survey for a total of 250 IT specialists in Germany were interviewed. The results show, among other things, that the majority of workers, 56 percent, are concerned about the security of the data they work with on a daily basis. IT professionals are aware of this, but 38 percent of them said that they have not yet taken any steps in their company to specifically address these fears. This has fatal consequences for their psyche: More than one in five of the IT people surveyed said that their mental health was suffering significantly from the increasing security concerns as a result of the remote working situation caused by the crisis. Just as many complain about the resulting sleep problems. Around 16 percent of the survey participants also found an increased susceptibility to anxiety and depression.
Trust that has yet to be created
As for the pandemic, there is no end in sight anytime soon. Experts and politicians are already talking about a third, fourth or even fifth lockdown. In order for companies to survive this period of uncertainty, there is nothing to avoid digital and cloud-based solutions that already point the way to the future. On the other hand, it is just as important not to leave any employee alone with their worries and fears. “The basis of a successful company – whether in the office or independent of location – is internal and of course external communication,” says Wire CEO Morten Brøgger. “And there are some measures that can be taken against this vicious circle of need and mistrust: Employers and IT managers must ensure that their employees and themselves create a secure basis for cooperation. Worrying about doing something wrong and endangering the security of the entire company unnecessarily inhibits the productivity of everyone. We need tools that guarantee the secure transfer of messages and sensitive information. In addition, we need end-to-end encryption that throws cybercriminals into a throat. ”
This challenge is currently to be mastered but only part of the solution that will hopefully lead us back to normality in the foreseeable future that employers and employees alike long for. Another major hurdle will arise for the company’s IT managers when many people go back to the office in the long term. Tim Berghoff from G Data explains: “The return to the stationary workplace can be easily combined with an inventory of the hardware and the reinstallation of computers that have been in private households for months. If there is a plan for this and everything is carried out step by step, the return to regular office life is less stressful for everyone involved – without forgetting IT security. “