Smart IT security takes account of the human factor

Digitalization has fueled human ingenuity – including among criminals, unfortunately, who are causing significant additional work for IT departments. For them, ransomware, phishing, and data theft have become lucrative “business models”. In pursuit of efficiency gains, criminals are even increasingly turning to automation.

However, digital criminality is not driven solely by a desire to make money. The motivations are more complex. Data is valuable information, and thus a target of corporate espionage. Hackers may also inflict long-lasting damage to force competing companies from the market.
 

The most common reasons for cyber-attacks

Experts assume that money is the most common reason for cyber-attacks, closely followed by corporate espionage. Other, less common reasons are summarized by the acronym FIG: fun, ideology and grudge. Ideologically motivated cybercrime takes the form of attacks on states, political opponents, sensitive information, and critical infrastructures. Organizations that manage such data or operate the related infrastructure can also get caught in the firing line in contests of power politics.

Criminals are innovative

Cybercrime is typical of the IT industry in some respects, as it is characterized by a high level of professionalism and continuous innovation. Hackers set the same priorities as legitimate chief information officers (CIOs): they optimize, automate and scale.

There is a lot at stake for companies. Security is therefore part of the business strategy and understanding how criminals think is an everyday matter for CIOs. After all, if you know how criminals operate, then you’ll also know what measures to take. This ranges from the physical security of business premises and data sites right through to the IT infrastructure and software solutions.

Even with the best security, it pays to make sure you’ve got backups

Network security solutions have proven themselves on a virtual level. Firewalls and DDoS protection pose a challenge for criminals looking to scan systems for vulnerabilities. However, security departments also must grapple with the complexities of these tools in order to ensure that protection is up-to-date and properly configured. So, patch management is not simply a necessary evil: only updates and new features can help security representatives to stay one step ahead of criminals.

Backups are still a classic data security tool. And these have also evolved: for example, there are now solutions that back up data and the data environment and can be administered via centralized management platforms.

The best strategy against cyber-attacks

A sense of what makes criminals and other people tick

IT security requires an awareness of possible targets and vulnerabilities within a company’s systems. Some understanding of the criminal mind is also needed: which data and systems might be of interest to potential attackers? Which data is of a very sensitive nature? Are the security measures up to date?

No matter what the risks and solutions, one element should never be overlooked: the human factor. A security system is only ever as good as the people who work with it. Fraudsters use social engineering to exploit human weaknesses, among other things, to gain access to data and systems. A company’s security strategy must therefore also ensure that individual employees are aware of security issues so that attackers do not hack people as if they were machines.