BSI publishes survey on increased attack surface for cybercriminals through the home office - a comment by Marcus Henschel
by Svenja Koch
The German Federal Office for Information Security (BSI) regularly conducts surveys on IT security in the German economy. Due to the COVID-19 pandemic and the associated protective measures, the year 2020 has presented companies and organizations with complex and diverse challenges. The pandemic has once again demonstrated the importance of functioning and secure IT infrastructures. The home office or remote work can offer a unique attack surface in this context, mainly if many employees work from home in the short term as a containment measure for the pandemic.
Because of these remarkable developments, the BSI conducted a study this year to shed light on these particular circumstances and challenges. In a nationally representative survey, 1000 companies were asked about their home office situation. You can find the complete study result here.
A commentary by Marcus Henschel, CEO of secion GmbH
"The GDPR is only one (important) side aspect here. Companies have neglected the cyber risks associated with home offices. From an operational point of view, is partly even understandable, as thousands of home offices have been "opened up" in a very short time. However, we see that 3 out of 7 successful cyberattacks on companies had their origin in the home office.
This finding is also supported by the survey published yesterday by the BSI, which indicates that about a quarter of the companies affected in the Corona period said they suffered existence-threatening or severe damage."
Home office will stay - but your IT security must adapt!
Our experts will support you!
Related articles
QR codes have been around for almost 30 years. Today, we scan the square codes with our smartphone as a matter of course to release bank orders, create a digital vaccination certificate or retrieve coupons. However, since QR codes are also used by cybercriminals for fraudulent purposes, you should not trust the little squares without limits. You should be especially careful if you receive a QR code via email: A sophisticated phishing attack could be hiding behind it. We show you how to recognize quishing attacks and protect yourself from them.
Read more … Caution, Quishing: Criminals use QR codes for phishing attacks
In early October, the ransomware group Black Basta attacked an IT service provider of the Deutsche Presse-Agentur (dpa), stealing the data records of 1,500 dpa employees as well as pension recipients of the dpa support fund. Two weeks later, the cybercriminals published the first sensitive data of the victims on the darknet. This incident is just one of many attacks associated with the notorious Black Basta ransomware - and there will be many more to come. That's because, as new research shows, the cybercriminals act very similarly to other aggressive hacker groups.
Read more … Black Basta: New findings on the notorious ransomware
The cybersecurity industry is more dynamic and rapidly changing than any other sector. Today's insights may already be outdated tomorrow. Because at the same pace as IT security develops new measures to protect IT infrastructure, networks, and endpoints, cyber criminals bring new tools to the market, refine attack methods, or use unknown techniques to successfully carry out cyber attacks. Anyone who wants to stay as well informed as possible in the multi-layered environment is dependent on regular updates. This applies equally to technically interested users and IT staff. One popular source of information in Germany is the podcast. More than 40% of all Germans regularly listen to podcasts - one fifth of them daily. We asked our IT security consultants for recommendations on ethical hacking and present our top 5 most popular cybersecurity podcasts here.