Online Attacks
Cyberprofessor: Include hacker defense in training
The CyberSec4Europe initiative is committed to better IT vocational training. (Iconic image) Photo: Yui Mok/PA Wire/dpa
© dpa-infocom GmbH
The number of cyber attacks is increasing. How to prevent? Not only complex IT security measures could help, but also improved vocational training.
With better vocational training against cyber attacks: In view of the increasing damage, the European security initiative CyberSec4Europe advocates including preventive defense measures in the training plans.
“We need better training frameworks for application areas, and we also need training content that is not just related to technology,” said Kai Rannenberg, the coordinator of CyberSec4Europe, the German Press Agency. The initiative is the pilot of a planned European competence network for cybersecurity.
“There are already standards for the minimum requirements for vocational training, but there is no specification of what employees need to know in order to use a computer,” said the professor for IT security of mobile and networked devices at Frankfurt’s Goethe University. “However, well-founded safety management should include user training, as well as matching work processes to needs and abilities.”
Blind spot in the scope
At the universities there is now a very good training for classic security technology, especially for cryptography, said Rannenberg. «Where there is a much greater lack of security education for application areas. Examples would be medical practices, in which there is a lot of sensitive data, or medium-sized craft businesses, such as bakeries. »
According to Rannenberg, insurance companies and banks are better positioned than the average company when it comes to IT security. “But many industrial companies have not yet seen that they are at risk.” This is particularly about blackmail with “ransomware” – malicious encryption software.
Extortion as a business model
According to information from IT security companies, some ransomware attacks are now demanding tens of millions of euros for decrypting the blocked systems.
Blackmail as a business model also exists on a small scale, said Rannenberg. “Sending emails costs nothing, and if you send the identical blackmail email a million times, you can quickly earn two thousand euros, even if only ten recipients pay €200 each.”
It should actually be included in the training of secretarial staff or office clerks, “that one should not allow oneself to be fooled and not open e-mails at will and not enter passwords at random on websites. It’s amazing how much still goes wrong.”
People would also need to be trained on the phone. “It often happens that someone calls, pretends to be a Microsoft employee and gets the callee to allow access to their computers,” said Rannenberg. “The attackers are skilled and are becoming more and more skilled.”