What is the basis for IT security?
The topic GDPR 2018 was the reason for an exciting NTS pit stop in Vienna. On June 13th, LANSKY, GANZGER + partner (LGP), one of the biggest internationally oriented commercial law firms in Austria gave a legal insight into the challenges that are connected to the new data protection regulations. At the same time, NTS and Cisco gave their specific recommendations concerning actions from an IT point of view.
The basis of IT security is particularly the knowledge of your own vulnerabilities and their monitoring. It is important to know the present level of security in order to be able to have sufficient protection against current threats and to implement preventative steps to minimize the risks. Two talks that were held at the mentioned Cisco and NTS event can be found summarized below.
„WHO NEEDS BUGS, WHEN YOU HAVE FEATURES“
by Thomas Fellinger, Systems Engineer, NTS
In times of digitalization, we not only see the growing amount of data, but there is also a constant increase in threats. With the growing variety of attack mechanisms, the requirements for the experts that have to face these threats is on the rise as well.
Operating systems and applications, which will, without the relevant actions taken, harbour unforeseen risks, are highly “attractive” for potential attackers. USB devices for instance are now a part of our daily work routine. Today, removable storage devices, printers, key boards, computer mice or even network adapters are operating on many client systems without an interference by an administrator. Attackers are willingly taking advantage of these circumstances and they are trying to make the users connect defective USB devices to the computer. Server applications too are offering similar convenience features, which are providing important information to the invaders in order to prepare an attack
It is therefore important to know the present level of security in order to be able to have sufficient protection against current threats and to implement preventive steps to minimize the risks. To check the IT security to that effect, NTS has developed two service products: the NTS Vulnerability Assessment and the NTS Penetration Test. The NTS Penetration Test identifies security gaps by means of a targeted attack and the Vulnerability Assessment provides specific suggestions for actions to eliminate weaknesses and vulnerabilities.
„CYBERCRIME AND THE CONNECTED CHALLENGES“
by Mario Fritzer, Regional Sales Manager Commercial, Cisco Austria
The rapidly growing usage of the internet increases the danger of cybercrime. The threat landscape is not only growing bigger, the attacks are also getting more and more refined. According to the study “Cybersecurity study Cisco Austria 2016”, which surveyed 250 executives, 33% of all businesses in Austria are concerned about IT security and 50% of the executives are informed about the security measures in their company.
Sadly, cyber-attacks are an ever-present fact and companies should design their architecture and business operations in a robust way so that the topic security can be addressed proactively instead of reactively. According to Cisco, the consequences of cyber-attacks are much more then “merely” a harm to their reputation. Because of cyber-attacks, 23% of companies have lost potential orders, 29% suffered from sales drops and 22% have even lost customers.
Attackers can compromise a system by using various tactics. Next to phishing emails or modified USB sticks, ransomware is a present malicious method to encrypt information such as documents, photos and music files on the computer of a user and thus render it inaccessible. Only after the payment of a ransom will the files be unlocked and returned to the owner. Ransomware quickly developed into the most profitable kind of malware. Therewith, attackers are already extorting close to a billion US dollars a year.
How can you protect and defend yourself against ransomware? Cisco email security with AMP analyzes suspicious emails for malware. Cisco AMP for endpoints prevents that ransomware files are executed at the endpoint. Cisco Umbrella and Firepower NGFW prevent a further distribution via the internet.
Please feel free to contact us in case of any questions. Our security experts are available for your queries at any time!