Cybercrime. Many companies are still not sufficiently aware that they themselves can become the target of hacker attacks.
With increasing digitization, domestic companies are becoming victims of hackers more often. SMEs are also increasingly affected. According to the Federal Criminal Police Office’s cybercrime report, cybercrime increased by around 30 percent in 2021. Parallel to digitization, the pandemic has also fueled cybercrime. Therefore, the press, together with PwC Austria, invited to the virtual panel discussion “Cybercrime: In the sights of hackers” in order to show in a panel of experts which measures entrepreneurs must take to ward off hacker attacks or to act correctly if one becomes the victim of a cyber attack.
Eva Komarek, General Editor for Trend Topics at the Styria Media Group, welcomed Peter Schrattenholzer, Managing Director of Attensam, Philipp Amann, Head of Strategy at the European Cybercrime Center at Europol, and Erhard Friessnik, Head of Cybercrime, to the PwC office in Vienna’s DC Tower -Competence Center (C4) in the Federal Criminal Police Office, Rudolf Krickl, partner and head of the Family Business & Entrepreneurship department at PwC Austria, and Georg Beham, partner and head of the Cybersecurity & Privacy department at PwC Austria.
Crime is moving online
“Not only is the number of cyber crimes increasing, but also the quality of the attacks,” observes Friessnik from the Federal Criminal Police Office. This was also confirmed by Amann from Europol. “The perpetrators are professionals who are developing cyber crime as a lucrative business model.” Keyword crime-as-a-service, in which cybercrime tools are offered and traditional organized crime is increasingly migrating to the Internet. The hacker attack most often succeeds via so-called ransomware. Malware that encrypts data and paralyzes the company. The data will only be decrypted again if the ransom is paid.
SMEs increasingly attractive to hackers
Statistics show that small businesses and family businesses are becoming more and more of a target. “On the one hand, because SMEs often have some catching up to do when it comes to IT security,” said Krickl. “But family businesses also have leaner structures and decisions are made more quickly. The attackers therefore speculate that family businesses will pay the ransom more quickly.” Data and identity theft are the biggest threat situation for family businesses today.
Caught without a contingency plan
“We thought that we were of no interest to hackers,” said Attensam Managing Director Schrattenholzer. The family business looks after around 40,000 properties across Austria in the areas of home care and winter service. The perpetrators obtained the passwords via ransomware and paralyzed the servers and backups. “From the customer data Everything was encrypted, right down to the logistics plans. Not even the access systems or telephone systems worked.” There was no contingency plan. It turned out to be difficult to find suitable support. “Sometimes we were even suggested to pay the ransom.” It was only at PwC that competent help was found. Not only was the payment of the ransom advised against, but the entire operating system was rebuilt piece by piece.
Preparation is half the battle
“Paying a ransom supports the perpetrators’ business models,” said cybersecurity expert Beham, who, however, can sympathize with the plight of those extorted. “For many hacked companies, the existence of the company is at stake. The attack can mean a month-long outage.” However, Beham warned: “It is not said that data recovery after the ransom payment is guaranteed.” Many decisions are made too short-sightedly. It is therefore all the more important to be prepared in advance for a cyber attack and to have an emergency plan in place. ” Ideally, defense against an attack should also be practiced so that everyone involved knows what to do in an emergency,” said Amann.
Manage vulnerabilities
“The perpetrators want to achieve the greatest possible damage and large margins with little effort,” Friessnik analyzed. It is therefore important to eliminate the weak points. Above all, three points are elementary:
– operating system vulnerability: A weak firewall is like a house without an alarm system. Regular updates reduce the risk of becoming a victim of automated attacks.
– human vulnerability: Most offenders are let in by clicking on links. Employee training and awareness raising as effective countermeasures. At Attensam, “phishing simulations” were initiated to raise employee awareness.
– Vulnerability Passwords: Measures such as strong passwords and two-factor identification should become a matter of course.
“Cyber security must be viewed systematically, consistently and comprehensively,” emphasized Krickl. A newly established system is almost essential to ensure that no back door remains open to the perpetrators. “Often it is not the first hackers who blackmail the company, but they sell them credentials on the market and with it a company can be exposed to myriad attacks,” said Beham. “Once ransomware has taken over admin rights, you can no longer trust the system.”
Keep a Cool Head
A cyber attack must be reported to the data protection authority within 72 hours. “This is another reason why it makes sense to be prepared for ransomware attacks,” according to the advice of the PwC experts: “There needs to be a responsible person who takes over management in an emergency and who coordinates the work orders for everyone involved.”
Crucially, the right time to contact the perpetrators. In the panic, this step often happens too quickly. Friessnik and Amann made it clear that the attackers were unscrupulous criminals. With the establishment of contact, the bomb starts ticking.
Victim Services
Together with industrial partners, Europol installed the global platform “nomoreransom.com”, which offers help for victims of ransomware. After five years of existence, the platform is already available in 37 languages, has over 170 partners (including PwC Austria) and can be used with around 120 tools currently freely decrypt over 100 malware software. So far, the platform prevented over 900 million euros in ransomware ransom payments.
–
