Photo: rawpixel on freepik

17. May 2021

Cybercrime: Staying Safe

According to a study by KPMG, in 2020, six out of ten Austrian companies were victims of cyber attacks. However, 41 percent of domestic businesses are not preparing for the financial impacts and expected costs of cyber attacks.

“Cybersecurity is a complex topic, and knowledge about it is often not well established in companies. Often, there is no specialized personnel, and security measures cost a lot of money,” says Walter Unger, Head of the Cyber Defence & ICT Security Department at the Austrian Armed Forces.

Ransom, Sabotage, and Espionage

Cybercriminals often attack companies with the intention of extorting money: company data is encrypted with ransomware and “held hostage,” for which ransom is then demanded. “If companies do not have a secure recovery and backup plan in such a case, they become victims quickly. But regular data backup can counteract this,” says Unger.

Another attack intention is sabotage: systems and servers are paralyzed so that they are no longer accessible. This is especially a problem for e-commerce providers. Here too, ransom is usually demanded. “A third attack intention is espionage,” says Walter Unger. “Usually, trade secrets or specialized know-how are the targets of criminals. After all, we have about 400 hidden champions in Austria – innovative companies that are world leaders in technology. If knowledge is stolen from them, someone else might enter the market faster and maybe even cheaper.”

“The employees and management must be sensitive to possible attacks, including telephone calls and emails, especially through social engineering.”
Walter Unger

Manipulating websites or spreading fake news also counts as cyber attacks and can cause significant damage to companies. For example, it can massively damage the company’s image, which can unsettle employees, customers, shareholders, or even partners. This leads to financial losses and is especially dangerous for SMEs.

Protection against cyber attacks

For the cybersecurity expert, technological measures are an absolute must, and they must be state of the art: “This includes intrusion prevention and intrusion detection systems, firewalls, sandboxing (isolated areas), etc. These must primarily apply to computers that contain genuinely important information.” Encryption also plays a significant role. “Important data must be encrypted and have appropriate rights management. Ideally, companies should have useful encryption that everyone can use – possibly after a brief training,” advises the specialist.

But not all computers need to be protected in this way – it is necessary to assess whether the information on them requires it or not. On average, it takes eight months to detect espionage operations related to cyber attacks. But why does it take so long? “If all these systems are bypassed, and you are not being extorted, it is very difficult to detect cyber attacks. Then you may only notice attacks indirectly by the system behaving differently or data flows going elsewhere than usual.”

Walter Unger, cybersecurity expert at the Austrian Armed Forces, Photo: Innovation Salzburg

The Human Factor

In recent years, cases of cybercrime affecting Austrian companies have repeatedly made headlines. In the case of Windtec, a company based in Carinthia, a disloyal employee sold know-how in 2011, while in 2016 an employee of FACC, a company based in Upper Austria, fell victim to CEO fraud. In both cases, the human factor played a decisive role. “Employees and executives must be sensitive to possible attacks, including those involving telephone calls and emails, especially through social engineering,” advises Walter Unger.

IoT as a gateway for cybercrime

The Internet of Things (IoT) is connecting more and more devices, leading to significantly more vulnerabilities and entry points than in non-networked systems. While standard systems have firewalls, smart heating, alarm systems, access controls, and similar devices require passwords and appropriate protection. Walter Unger also knows where the dangers lie in these systems: “Often, companies and individuals still use standard passwords. Sometimes the software is flawed and therefore vulnerable. Then there is 5G, which will initially be of interest to industry and companies. With such technologies, one always has to ask what happens if the system fails and something no longer works.”

Covid-19: When digitization needs to happen quickly

Due to the pandemic, many companies have been forced to digitize their processes very quickly. In this case, one should rely on the support of an experienced service provider. “For new home office situations, I advise against unprotected, direct access to company networks. Until secure access is established, necessary documents should be taken home on a data carrier, edited with a company notebook, and uploaded again after verifying the data carrier on the next office day,” says the expert.

Telecommunications solutions such as messengers are increasingly being used. Bear in mind that third parties may listen in on or obtain the transmitted data. “And always remember: clear ‘orders’ regulate the service operation. That means clear instructions, sensitization, and maintaining employee loyalty also help in home office situations.”
