Industries
Industries Overview
Healthcare & Life Science
Manufacturing
Media & Entertainment
Public
Retail & Consumer Goods
Utilities
Consulting & Innovation
Consulting
Business Transformation
Technology Consulting
Process Consulting
Innovation
Generative AI
Sovereign AI
Metaverse
Consulting
Business Transformation
Business Transformation Consulting
Solutions & Products
Solutions
Sovereign IT
Business Process Management
Counterfeit Protection
Customer Experience
Data & Automation
Digital Workplace
E-Commerce & Omnichannel
Finance
SCM & Logistics
Products
Arvato Systems Alive
Order Management with aroma®
Digital Workplace with NAVOO®
Digitize logistics processes with platbricks®
Vulnerability Management with Varedy
Sustainability Management with green.screen
Further Products
Technologies
Amazon Web Services
Google Cloud
Microsoft
SAP
Further Partners
Solutions
Business Process Management
Process Modeling and Process Documentation
Process Mining
Process Automation
Governance, Risk & Compliance
Solutions
Counterfeit Protection
Serialization in the Consumer Goods Industry
Serialization in the Pharma Industry
Solutions
Customer Experience
API Management
App Development
Arvato Systems Alive
Customer Experience Consulting
Hyperpersonalization
Customer Loyalty
Content Management
Customer Relationship Management
Product Information Management
UX and UI Design
Solutions
Data & Automation
Data Fabric
Data Governance
Generative AI
Hyperautomation
DocuStream
Artificial Intelligence
Robotic Process Automation
Self-Service Business Intelligence
Solutions
Digital Workplace
Microsoft 365 Backup Service
Digital Meeting Management
Digital Workplace with NAVOO®
Microsoft 365
Microsoft Power Platform
Guest User Manager
Solutions
E-Commerce & Omnichannel
Order Management with aroma®
SAP Customer Experience
Solutions
SCM & Logistics
Warehouse Management
Transport Management
Production Planning
Digitize logistics processes with platbricks®
Artificial Intelligence in Logistics
Logistics 4.0
E-Commerce & Omnichannel
Order Management with aroma®
Distributed Order Management
Customer Service
Instore Modul
Drop shipping
Cart Handling
Registration for a demo
SCM & Logistics
Digitize logistics processes with platbricks®
Production Supply
Container Management
Warehouse Management System
Mobile Solutions
Analytics
Chatbots
Gamification
Healthcare Suite
Technologies
Amazon Web Services
Amazon Connect Contact Center
AWS Container Acceleration
AWS Cloud Migration
SAP on AWS
High-performance online store hosting in AWS
Cost-Effective Online Store Hosting with AWS
Technologies
Google Cloud
API Management with Apigee
Modern Data Warehouse Management with BigQuery
SAP on Google Cloud
Google Cloud Landing Zone
Technologies
Microsoft
Microsoft Azure
SAP on Azure
Microsoft 365
Microsoft Power Platform
Technologies
SAP
SAP Application Management Service
SAP Business Technology Platform
SAP Customer Experience
SAP IS-U
SAP License Management
SAP on Cloud
SAP RISE
SAP S/4HANA
End-2-End Process Monitoring
Infrastructure & Operations
Cloud & Data Center Services
Cloud Transformation
IT Outsourcing & Infrastructure Services
Multi & Hybrid Cloud
SAP on Cloud
Virtual Desktop Infrastructure
Workload Automation
Security Services
Cyber Care & CDC
Disaster Recovery
Security services for AWS
Vulnerability Management with Varedy
SAP Security
Managed Services
Cloud Foundation
Managed Workloads
Application Management
Cloud & Data Center Services
Cloud Transformation
Application Modernization on Cloud
Datacenter on Cloud
Data Management on Cloud
Enterprise Application Integration
Managed cloud IT with Avvia
Cloud & Data Center Services
IT Outsourcing & Infrastructure Services
SAP Hosting
Cloud & Data Center Services
Multi & Hybrid Cloud
Amazon Web Services
Google Cloud
Microsoft Azure
Virtual Private Cloud
About us & News
About Arvato Systems
Awards
Corporate Responsibility
Management
Memberships & Certifications
Partnerships
Locations
References
Press
Events
Contact
Stage-Cyberresillienz-unsplash

How to Make Your Company Resilient to Cyberattacks

A Cyber Resilience Strategy, Which Helps Prepare Organizations for a Cyber Attack.

...
Becker, Oliver_00708305
Written by
Increase the resilience of your production against cyber attacks
16.06.2022
Digital Transformation
Security

It's not a question of if your company will fall victim to a cyber attack, but only when. Cybercriminals can still reach the target despite all cyber security measures. A cyber resilience strategy helps to secure business operations as much as possible.

"Business model" extortion flourishes
Increase resilience against cyber attacks
Conclusion

Reports of cyber attacks on companies appear in the press almost weekly. Manufacturing companies are increasingly becoming the focus of cybercriminals - examples include a leading agricultural machinery manufacturer, an automation technology company, a supplier of printing inks, and a producer of pumps and valves.


This is apparent: If production processes are paralyzed for several days or weeks, companies are threatened with significant monetary damages, customer losses, and image damage. This makes them worthwhile targets for blackmail from the cybercriminals' point of view.

"Business model" extortion flourishes


To do this, hackers gain access to their victims' systems. At the end of the attack chain, they execute ransomware and encrypt the data of the affected company. The data is only rereleased against the payment of a ransom.
 

This "business" seems to be flourishing - according to industry association Bitkom, damage caused by ransomware rose from 5.3 billion euros in 2019 to 24.3 billion in 2021. The German Federal Criminal Police Office (BKA) sees 2021 as "the year of ransomware." According to the BKA, Germany is affected by ransomware attacks with above-average frequency in an international comparison.


In our free briefing, "Cybersecurity in production - the eight most important aspects," you can find comprehensive information on the topic.

Manufacturing companies, in particular, face significant challenges in terms of cyber security. In the world of Industry 4.0, the systems of classic IT are merging with those of operational technology (OT) in production. On the one hand, this convergence brings new opportunities for more flexible displays. Still, on the other hand, it also poses enormous risks in terms of security, and this risk is vastly underestimated. For example, in preparing its Digital Defense Report 2021, Microsoft found that 20 million devices were accessible via the preset password "admin."


With Sentinel and the various Microsoft Defender products, Microsoft offers solutions for intelligent, company-wide security and threat analyses, for which a connector for SAP systems is also available. This means that companies can also continuously monitor their SAP systems around the clock - an essential step in implementing a holistic security strategy.

Increase resilience against cyber attacks

Cyber security refers to the methods and procedures used to protect electronic data. This essentially involves the technical protection of systems against intrusion by hackers and the response to attacks. Technological solutions for security information and event management (SIEM) and security orchestration, automation, and response (SOAR), for example, enable threats and attacks to be detected early and responded to accordingly.


However, experience shows that even the best technical solutions cannot guarantee one hundred¬ percent protection. Companies should therefore prepare for the worst-case scenario. The cyber resilience approach describes how you can increase your company's resilience against attacks from cybercriminals. Consider the following eight tips if you want to develop and implement a cyber resilience strategy that is as efficient as effective.

1. create awareness among employees

To put it bluntly, people are considered the weakest link regarding cybersecurity. It is all too easy, for example, to unthinkingly click on a link in an email during a stressful working day, which cybercriminals use to gain access to systems. All employees must be aware of their responsibility to avert such dangers from the company.


Regular training and tests, such as simulated phishing emails, help build the appropriate awareness and keep knowledge of cyber security issues up to date.


2. implementation of a cyber hygiene policy

The development of a guideline for "cyber hygiene" is urgently recommended. This must be understood as a whole range of regulations that all employees must support. The package of measures aims to minimize the risk of cyber attacks by consistently following specific rules.


The cyber security systems themselves must always be optimally configured and kept up-to-date. This also applies to all applications - effective patch management ensures that all (security) updates are installed. Password policies, access management, regulations for secure remote access, network segmentation, backup strategy, and, last but not least, email security - are all aspects that should be considered in a cyber hygiene policy.


3. assessment of the internal IT and OT systems

One crucial task is to record all IT and OT systems. This should also include logging which processes are handled via the respective systems and how business-critical they are. The collaboration of the systems, for example, via interfaces, should also be analyzed and documented. On the one hand, this helps to identify security gaps and, on the other, to react in a targeted manner in the event of a cyber attack.



Companies that do not want to build up internal resources for this purpose can also rely on service providers to operate a SOC.


5. establishment of a security operations center

Cybercriminals are becoming increasingly professional and "work" around the clock. To ensure smooth business operations, it is, therefore, necessary to continuously collect, correlate and evaluate data relevant to IT security. To this end, setting up a Security Operations Center, or SOC for short, is advisable.


Such a control center monitors the company's entire IT infrastructure "24/7" - networks, servers, workstations, and Internet services. The data collected, such as log files, is analyzed in real-time to identify anomalies at an early stage. If necessary, the concerned departments are informed, and measures are taken to protect data and applications to ensure business continuity.


Companies that do not want to build up internal resources for this purpose can also rely on service providers to operate a SOC.


6. development of an emergency plan

If despite everything, cybercriminals are successful in their endeavors, a predefined emergency plan helps to act in a level-headed manner. This plan should define the relevant internal responsibilities and a reporting chain. It should also describe the critical business processes, protective measures, and procedures for (step-by-step) restoration of the ability to work.


Cooperation with external service providers should also be regulated - who will provide support and to what extent? The plan should also include guidelines for communicating the incident to the outside world, for example, to inform customers and partners.


The Federal Information Security Agency provides valuable guidance for creating an IT contingency plan.


7. simulations of attacks reveal attack potential

Regular stress tests and penetration tests are invaluable when preparing the company to cope with cyber attacks. If the internal reporting chain is functioning, if thought is given to informing customers and partners, for example, and if the defined measures to contain and defend against the attack are initiated - a simulation will help uncover possible attack potential.


8. establish cyber resilience as a business process

Cybercrime is constantly evolving. In the meantime, the extortion of companies, in particular, has advanced to become a real "industry" in which cyber criminals cooperate with service providers, for example, to execute the attacks or "the payment system.


To keep pace, companies need to understand that cyber security and resilience are not one-off tasks. They should be understood as business processes that need to be continuously developed and maintained.


Conclusion

Today, companies should expect to become victims of cyber attacks. It is therefore essential to strengthen the resilience of structures and processes against such threats to safeguard business operations as far as possible and avert damage to the company. A holistic cyber resilience strategy is the tool of choice.

Would you like to set up your Operational-IT securely?

Dann laden Sie sich jetzt unser Briefing herunter!

Cybersecurity for SAP in Manufacturing and Production

Criminals are increasingly attacking production systems and paralyzing entire companies. Our security briefing summarizes the 8 most important points.

Learn more

Written by

Becker, Oliver_00708305
Dr. Oliver Becker
Expert for the Digital Transformation of the Manufacturing Industry
Subscribe to our newsletter
ImprintPrivacy PolicyGeneral Purchase ConditionsYour Career at Arvato SystemsContactChange Cookie-Settings
© 2024 Arvato Systems