Alone: there is a lack of skilled workers. In the federal government alone, every fifth position in IT security is vacant or has one Question from the left-wing parliamentarians Anke Domscheit-Berg surrendered this week.
Is data security sufficient in German authorities and companies?
All of this shows that data security in Germany is probably not sufficient – even if the legal requirements for data protection have perhaps even been complied with. So that – figuratively speaking – there are different rooms in a house in which data is stored and can be used; but neither the rooms nor the house are properly locked.
Dr. A.S. Sandro Wefel, IT security researcher at the Martin Luther University Halle-Wittenberg, says privacy and data security should not be traded off. “However, it cannot be assumed that data protection can be guaranteed without data security.” If digital systems could be easily infiltrated, the sensitive data could also simply be stolen, says IT security expert Wefel. “In this case, no legal provisions on data protection will help.”
legal Specifications such as the General Data Protection Regulation should hardly bother global data thieves, says Wefel. On the contrary: If they blackmail companies or authorities, the criminals often even use the General Data Protection Regulation as an argument, according to which fines would be imposed on the victims.
“A lot of people cling to privacy,” believes Erick Thek. He has worked in the cybersecurity industry for more than 20 years and currently helps Trend Micro customers understand the dangers of cyberspace. That’s the only way they can prepare for it. Thek says that the basic data protection regulation is primarily about the supposed protection of data. “But I think we’re missing the big picture.”
And that’s rather grim: Criminals penetrate systems, steal data from companies and authorities, blackmail them and exploit the data by writing to people and tricking them into transferring money or by opening accounts in their names, products or obtain services. A whole cybercrime industry.
privacy and data security are widely misunderstood, says Theck. “Because it sometimes ends in mysterious arts, in legal terms about what can be done legally, or in magical terms about how an IT employee can protect a system.” A common language has to be found about what all this means and how it can be implemented organizationally in companies and authorities, says Thek.