Digital Economic Crime | Digital Economic Crime – @shutterstock | PR Image Factory
+++ 9,325 DDoS attacks in Q2 2018 +++ IT security as a cost driver +++ Network threats originate within the network +++ Internet threats are increasing +++ Employee security risk +++ Network threats originate within the network +++ Data leaks compared +++
9,325 DDoS attacks in the second quarter of 2018
Link11, the company of the same name, recorded 9,325 registered and mitigated DDoS attacks on websites and servers in Germany, Austria, and Switzerland (DACH) protected by its services in the second quarter of 2018. According to the latest DDoS report, primarily targeted companies in the e-commerce, gaming, hosting/IT, finance, and entertainment/media sectors. The attacks collectively lasted 1,221 hours. Since there is currently little representative and publicly available data on DDoS attacks in the DACH region, surveys conducted by specialized companies are essential. “The data we collect in our network allows us to draw important conclusions about the increasingly complex threat landscape in the DACH region. Our publications focus less on absolute figures and more on highlighting trends and new developments,” says Marc Wilczek of Link11.
IT security as a cost driver
Hacker attacks can have disastrous consequences for companies. If these companies represent a critical part of the public infrastructure, hundreds of thousands of people can be affected by their outages. The IT Security Act of spring 2016 aims to establish minimum standards for IT security and guarantee the security of supply for the population. Initial figures are now available regarding the additional costs incurred by companies as a result of the law.
As the Statista graphic shows, these costs amount to a five- to six-figure sum for most companies. This is according to a recent study by the auditing firm KPMG . The development of the required IT infrastructure within companies and employee training are the main expenses.
The law obligates companies whose facilities play a vital role in German infrastructure to, among other things, report hacker attacks and provide a direct contact person for the Federal Office for Information Security (BSI). Previously, the law only applied to the energy, IT and telecommunications, water, and food sectors. From the middle of this year, the finance, transport, and healthcare sectors will also fall under its purview.
Dangers to the network come from within the network
Digitalization is progressing steadily in the Swiss energy sector – and this may not be without negative consequences for security of supply. This is one of the findings of the recently published study on Swiss electricity utilities by the consulting firm EY. According to the study, 68 percent of the surveyed executives from electricity utilities and energy suppliers rate the vulnerability of the power grids to hacker attacks as very high or high. Only 11 percent, taken together, see a low threat of power outages due to cyberattacks.
The survey also reveals what has already been done for IT security in the electricity sector. For example, 34 percent of companies have already appointed an IT security officer, and 28 percent have implemented an information security management system. Other companies are still in the process of implementing or reviewing such measures, but for about half, they are either not an issue at all or have not yet addressed the topic. Alessandro Miolo of EY Switzerland offers a cautionary note: “For energy companies, cybercrime is now a risk as significant as natural disasters or fires. The fact that more than two-thirds of Swiss energy suppliers fear power outages due to cyberattacks demonstrates the enormous need for action. Distribution networks and IT systems are often outdated. Distribution network operators must upgrade their systems, and not just with regard to security.”
Dangers from the internet are increasing
In 2016, 14,033 suspected cases of cybercrime were reported in Switzerland. This is according to the annual report published last week by the Federal Office of Police (fedpol). This represents an increase of more than 20 percent compared to the previous year (11,570 cases). While these figures do not represent legally concluded criminal cases, and changes can also be attributed to societal perceptions of cybercrime and the willingness to actively report such incidents to the authorities, the significant increase in recent years nevertheless reflects a growing threat from criminal activity online.
The most frequently reported cases involved cyber fraud, phishing (spying on account and credit card data), and malware (malicious programs such as viruses and Trojans). In this context, the Federal Office of Police (BfP) particularly emphasizes the sharp increase in the prevalence of crypto-ransomware. These programs encrypt the data on the infected computer and demand payment from the user for its release.
Employee safety risk
Digitalization offers enormous opportunities for companies – but also risks. latest Cyber Security Report, 83 percent of companies with more than 1,000 employees register attacks on their IT systems several times a month.
Executives are particularly concerned about the costs incurred in repairing the resulting damage. As the Statista graphic shows, employees are perceived as the primary risk within companies. 75 percent of the surveyed executives and politicians cited employees' careless handling of data as the biggest IT security vulnerability. Hacker attacks came in second place with 50 percent of respondents. The use of mobile devices ranked third among the biggest risk factors.
Dangers to the network come from within the network
Digitalization is progressing steadily in the Swiss energy sector – and this may not be without negative consequences for security of supply. This is one of the findings of the recently published study on Swiss electricity utilities by the consulting firm EY. According to the study, 68 percent of the surveyed executives from electricity utilities and energy suppliers rate the vulnerability of the power grids to hacker attacks as very high or high. Only 11 percent, taken together, see a low threat of power outages due to cyberattacks.
The survey also reveals what has already been done for IT security in the electricity sector. For example, 34 percent of companies have already appointed an IT security officer, and 28 percent have implemented an information security management system. Other companies are still in the process of implementing or reviewing such measures, but for about half, they are either not an issue at all or have not yet addressed the topic. Alessandro Miolo of EY Switzerland offers a cautionary note: “For energy companies, cybercrime is now a risk as significant as natural disasters or fires. The fact that more than two-thirds of Swiss energy suppliers fear power outages due to cyberattacks demonstrates the enormous need for action. Distribution networks and IT systems are often outdated. Distribution network operators must upgrade their systems, and not just with regard to security.”
Data leaks in comparison
Uber had data from 57 million customers stolen – including email addresses and phone numbers. Instead of notifying the authorities, the ride-hailing company paid the hackers $100,000 to delete the data – though whether this actually happened cannot be confirmed. With this incident, Uber joins the ranks of the biggest data breaches. The leader in this category is Yahoo. A hacker attack in 2013 affected all three billion user accounts. It's unlikely that anyone will challenge Yahoo's top spot in the ranking of record data breaches anytime soon. An interesting overview of hacker attacks in recent years can be found at informationisbeautiful.net.
Keep in touch
