High number of unreported cyber attacks on companies
Most recently, the University of Salzburg was affected by a cyber attack in the state, and Salzburg Milch has also recently been the target of criminal hackers. And the case of the listed crane manufacturer Palfinger, where production came to a standstill for days after an attack, is also in the media. Palfinger paid ransom.
Ransom is often the solution substituted
Thomas Köhler, a cybercrime expert from Germany, said at the conference that this is not an unusual route: “Today, attacks are so complex and sometimes so difficult to solve that you have to pay to pay. In some cases, this can make more economic sense, although it is important to note that there is no guarantee that you will actually get the data back. There is no such thing as ‘crook honor’.”
In addition, it is often not only the immediate solution that has to be paid for, but also the one that prevents a data breach from being published and returns everything under the rug.
“If you pay once, you make yourself a repeated target”
But in many cases a one-off payment of the ransom is not enough, Köhler added: “According to all the experiences we have had in recent years, it is like this: if you pay once, you pay more often and thus make yourself a repeated target.”
Large corporations are no longer the only ones affected by cyber attacks. Small and medium-sized companies are also at risk, said Martin Pils, head of information security at the aircraft parts manufacturer FACC in Ried (Upper Austria): “We share – no matter the size of the company – a cyber space where all companies do their business. This means that small and medium-sized companies are just as at risk as large international corporations.”
Careless Employee “Danger Vector Number One”
In 80 percent of cases, hacker attacks are still carried out by careless employees in the company: “Unfortunately, people are still the number one danger vector: any e-mail attachments that you just don’t pay attention to when you’re stressed. This can happen to any of us. We just have to limit such attack vectors,” emphasized Anna habenegg, an expert for information security at Palfinger.
Cybercrime conference in the Kavalierhaus
Many companies were and are the target of cyber attacks, such as the global corporation Palfinger, which bought its freedom after a hacker attack. Whether one should pay or not is also one of the central questions at a large cybercrime conference in Salzburg.
Public facilities more and more affected
Nationally and internationally, public institutions are increasingly the target of hacker attacks – and there are reasons for this, according to Köhler: “Public institutions are – unfortunately, it has to be said – very often relatively poorly protected and therefore relatively often the target of attacks.”
The number of unreported cyber attacks is enormous, according to Köhler: “If we look at the studies, then two thirds to 80 percent of the company have been affected in some way – sometimes with lesser effects. But especially with medium-sized companies, it is simply not that noticeable (publicly).”
Demand for security upgrade
IT experts from all German-speaking countries are pushing for massive upgrades within the companies, as is habenegg: “Every day that we make things safe, for example, ultimately helps us with the cyber attack so that we can produce faster again or, in the best case, none at all Having production downtime.” When asked whether it wouldn’t be cheaper for companies to simply save and be able to buy their way out, habenegg said: “No, never. Hackers should never be financed anyway. In no way do we support this business.”