(Risk)factor, human being
Phishing attacks and BEC (Business E-Mail Compromise) Attacks on companies worldwide, but particularly in Europe are increasing. (2) The aim of a phishing attack is financial, often to redirect payments into the account of criminals by eavesdropping business e-mail correspondence. For the companies concerned, this means a direct financial loss and can lead to further negative consequences if other sensitive data were collected during the monitoring and are auctioned on the Darknet.
For this reason, employees' awareness of cybersecurity in the form of regular training is essential. Software solutions such as Cryptshare support employees in their day-to-day work and reduce the surface area of attack enormously. The reading of mail correspondence by unauthorized third parties is impossible because it requires special authentication and the contents are encrypted, all of them. Files, metadata, and the message. It is therfore extremely difficult for criminals to inject malware into the IT system of the company, or a man-in-the-middle attack on a message on its way from A to B, in which the payment information of the actual recipient is replaced by that of the criminal attacker. Social engineering attacks, particularly costly CEO frauds, which carry a warning from the German Federal Criminal Police Office (BKA) and the German national cyber security authority, the Federal Office for Information Security (BSI), can also be prevented.
Shadow IT, which is the unauthorized use of impermissible services, e.g. private Dropbox, by employees, can be prevented with the help of the right tools. These "shadow IT" programs are welcome door-openers for criminals to drive ransomware or espionage attacks to businesses. If employees have all the equipment and systems they need for their daily work, they will not use their own equipment and private programs. This reduces the attack area notably.
But what can you do if employees knowingly forward secret or sensitive data to unauthorized persons, e.g. in order to gain a financial advantage or "take along" insider knowledge, test results, your customer list, etc. shortly before employer change. The damage caused by uncontrolled data leakage by employees is immense. Almost 55 billion euros of damage to the German economy is caused by data theft, industrial espionage or sabotage. In almost two-thirds of the cases, current or former employees are the mover, in 41% of the cases the perpetrators come from the business environment (competitors, customers, suppliers, service providers). Here, intelligent software can help to stop the data loss or at least to isolate it and make it comprehensible. With the help of software solutions such as Cryptshare, companies with security by design settings can stop the uncontrolled flow of large files.
With the help of configurable policy rules, administrators determine which policies apply when certain sender groups communicate with specific recipient groups. In this way, you can restrict data sizes and always keep track of which files were sent or retrieved. As a quasi-self-cleaning system - the data is deleted from the server after a definable period of time - Cryptshare avoids the data being forgotten and becoming a data graveyard.
Create a security concept and replace old with efficient new software solutions
The advancing digitization of industry 4.0 with more and more machines connected to the Internet, which are increasingly operated by employees with different (mobile) devices, offers a wide potential for abuse.
To prove the well-known strapline "Vorsprung durch Technik" used by a European automobile manufacturer since the 1970s in the future, industrial companies have to fight attackers in terms of technology. It is necessary to set technological barriers for employees who are "dishonest" and for "chatty" employees who fail to comprehend the risks. Companies need to put their IT to the test, close security gaps, replace old software with new ones. This is a process that has to be done continuously and not according to the waterfall principal- and it should be done now!
Exchange data of any size ad-hoc, secure and trackable with Cryptshare:
- Technical design drawings in the form of CAD files
- Construction plans and circuit diagrams
- Business ideas and patent designs
- Marketing proposals and strategy papers
- Referee reports
- Technical documentation
- All document types can be transferred via Cryptshare: PDF files, graphics, CAD files, spreadsheets or word processing files, videos and more.