The first call came at 6:30 a.m., but by then it was too late. Two hours earlier, an insidious computer virus had begun to encrypt all administrative computers in the Anhalt-Bitterfeld district, making them unusable. To this day, Sabine Griebsch does not know who planted the virus. She is responsible for the digital transformation of the district and is now known nationwide, because she did something that nobody in Germany had done before her in response to a cyber attack: she had a state of disaster declared. A disaster? Because computers in the administration no longer worked?
“From then on, 20 offices were no longer able to work,” she says at the SZ economic summit, from the vehicle registration office to youth welfare. “Anyone who is dependent on social assistance had to wait, construction projects have come to nothing.” Of course, the question remains how the viruses got into the district’s systems in the first place. This leads to the most important advice that two IT security experts give on the cyber security panel in Berlin: awareness – in other words, creating awareness of how endangered today’s networked world is.
Above all, the management level in authorities and companies must be aware of this, says Paul Kaffsack, co-founder and head of Myra Security, a company that protects companies and authorities from digital overload attacks, known in jargon as DDoS attacks. Although the corona pandemic gave digitization a boost, the security of the systems was often of secondary importance, complains Kaffsack.
The digital attack surface is growing
Because digital systems are much more networked today and play an increasingly important role in life, the attack surface is also increasing, adds Helmut Reisinger from the global IT security company Palo Alto. Geopolitical changes also contribute to this: “When Russia disrupted communication in Ukraine, 5,800 wind turbines in Germany were also affected,” he says, giving an example. Nevertheless, there is still often a lack of awareness in this country, unlike in the US. There, President Biden issued an executive order requiring all federal agencies to simulate a digital attack every seven days.
Often, however, it is not about sophisticated attacks from afar. Paul Kaffsack has a little story ready. On a recent long train journey, he saw a businessman leave his company laptop open on the table while he stopped for a moment in the on-board bistro. “It would only have been two keystrokes to lock the computer,” says Kaffsack. As it was, an attacker could easily have plugged in a USB stick and installed malware.
The insidious thing about it: the attackers' malicious code does not usually start its work immediately, but works its way through the network, leaving as few traces as possible, always hoping to come across really valuable data at some point. Data that can then be used to extort money. The computers, the threat goes, will only be unlocked again once the ransom has been paid. Such software is called ransomware, and, by the way, it can be rented just like accounting software. There are 58 providers for this, says Palo Alto expert Reisinger. And if that doesn’t create enough pressure, the online blackmailers now often threaten to publish data, such as medical records.
Attacks remain undetected for an average of 28 days
The problem with such attacks: it usually takes far too long for an attack to be detected, on average 28 days. By then the damage has usually already been done. Sabine Griebsch and her three (!) employees in IT – “we are completely understaffed” – at least did not feel left alone. The case caused a nationwide sensation last year; the state as well as the Federal Office for Information Security (BSI) and the Bundeswehr came to their aid in order to be able to offer the 180,000 residents of the district at least a minimum of services. Their conclusion: “We make ourselves vulnerable if we don’t think about IT security from the start.”
An important concept here is zero trust. As Helmut Reisinger explains, this means reacting to every request to a system as if you had zero trust in the request. To do this, the rights of the users in the system would also have to be restricted. And artificial intelligence must help identify attacks based on suspicious patterns much earlier than humans could.