Risk precautions are supposedly just as unwelcome as health precautions, but they are just as important. Various studies show that attacks on IT systems and applications are increasing significantly, and the consequences are financially devastating.

At the beginning of the year, Michael Kroker reported a record number of hacker attacks on organisations’ systems and information. According to the “Cyberthreat Report 2022” by colleagues from Acronis, 220 billion euros in damage was caused last year.

Hacker attacks increasingly target critical infrastructure as well

What is striking when you follow the media and information portals: the attacks are no longer targeted only at corporations. They have long been threatening small and medium-sized companies as well as providers of critical infrastructure such as hospitals, police, public authorities, and wind power plants. Suhl’s town hall, for example, had to briefly pause operations in March. Access to the town council’s digital data and systems was no longer permitted after a cyber attack. And just recently, in April, Donau-Stadtwerke became the target of an attack after a wind turbine operator in Bremen had previously been hacked.

The threat to companies and organisations as possible targets for data and information theft through phishing, malware or ransomware (blackmail with the help of data encryption or theft) keeps growing.

Risk provisioning for data and information security is a matter for the Executive Board

Responsible people and decision makers are therefore urged to act. In addition to economic consequences, there is a risk of software and system failures and data loss and, in the worst case, even legal implications. Particularly in the case of ransomware attacks, the data hijackers are increasingly threatening to publish data. This can result in a considerable loss of trust and credibility for companies and for the aforementioned operators of critical public infrastructure.

You are therefore called on to act proactively and should bring IT security to the core of your information architecture. The fact is: within the context of risk prevention, you as a manager are responsible for risk management.

But what can you do to protect yourself? We advise you holistically on your information security strategy. Our Vulnerability Scanning & Penetration Tests help to uncover vulnerabilities before an attacker does. In addition, training sessions and courses run by our cooperation partner mITSM help to raise your employees’ awareness of information security. Through information and education, you reduce the risk of your teams falling for malicious content in emails, chats or other communication tools and thus opening the gates to your IT systems for malicious intruders.

 
