“Often it is not the highly developed hacker attacks that cause considerable damage across the board, but everyday attacks, for example through so-called phishing,” explains Dennis-Kenji Kipker from the Institute for Information, Health and Medical Law (IGMR) at the Faculty of Law. Phishing attempts to obtain personal data via fake websites, e-mails, or text messages. In principle, companies of all sizes are likely to be attacked, says Kipker. “Where there is profitable data to be stolen, someone will attempt to get their hands on it.” Moreover, fraudsters would not shy away from attacks on private individuals.
Second Monitor Survey
Numerous so-called critical infrastructures were surveyed from October 2017 to January 2018 as part of the Germany-wide IT security study “Monitor IT-Sicherheit Kritischer Infrastrukturen” (IT security of critical infrastructures monitor). These include airports, rail-traffic control centers, hospitals, banks, insurance companies, nuclear power stations, and waterworks, for example. The study – also called a monitor survey – was carried out within the framework of the funding priority “IT-Sicherheit für Kritische Infrastrukturen” (ITS|KRITIS – IT security for critical infrastructures” funded by the Federal Ministry of Education and Research (BMBF). The research project is headed by the Üniversität der Bundeswehr München (university of the German armed forces in Munich). In addition to the University of Bremen, Friedrich-Alexander Universität Erlangen-Nürnberg (FAU) and the German Commission for Electrical, Electronic & Information Technologies (DKE) within the VDE (Association of Electrical, Electronic & Information Technologies) are involved. This is the second monitor survey. The first one was published in 2017.
IT Security Training Is Important
The study showed that a large number of the operators surveyed reported cyberattacks. According to Bremen IT expert Dennis-Kenji Kipker, it is remarkable that the most frequently cited cause for the success of attacks is the misconduct of employees. “This demonstrates the need for appropriate IT security training.” In addition, staff must have a sensitive awareness of IT security.” The results of the study show that there is a large proportion of organizations that do this. However, partners and external employees are rarely included in this training. “It is also interesting that the operators are more optimistic about their own ability to fend off cyberattacks than they are about the ability of the rest of their industry or the German economic area in general,” says Kipker. This effect was already visible in the first monitor survey and can now be seen again.
IT Security Must Be Adapted to Current Risks
Another result of the study is that if cyberattacks are caused by malware that attracts a lot of media attention, organizations are much more inclined to rethink their IT security. But even if operators respond to new threats, few of them take new measures. Most organizations check the existing ones or have already taken measures in advance because the threat was already known. “These results show that the operators of critical infrastructures take their responsibilities seriously and react,” says Kipker. Then again, it is becoming clear that IT security needs to be continuously adapted to current risks.
Additional Information:
Contact:
Dr. Dennis-Kenji Kipker
Institute for Information, Health and Medical Law (IGMR)
Faculty of Law
University of Bremen
Tel.: +49-421-151-4022-3163
E-mail: kipkerprotect me ?!uni-bremenprotect me ?!.de
About the University of Bremen
Top-performing, diverse, reform-minded, and singularly cooperative – that about sums up the University of Bremen. Around 23,000 people learn, teach, research, and work on its international campus. Their shared goal is to contribute to the advancement of society. With well over 100 degree programs, the range of subjects offered by the University is broad. As one of Europe’s leading research universities, it maintains close cooperation with non-university research institutions in the region. This spirit of cooperation led to the founding of the U Bremen Research Alliance in 2016. The University’s competence and dynamism have also attracted numerous companies to settle in the technology park surrounding the campus. This has created an important national location for innovation - with the University of Bremen at its heart.
