Secure networks with modern IT security

The growing interconnectedness created by Industry 4.0 and the IoT has led to an increase in the number of potential targets for attacks by cybercriminals. For this reason, companies need to continuously put their IT security to the test, while keeping an eye on four areas.

According to a report from the German Federal Office for Information Security (BSI), the risk posed to computers, smartphones and IT systems by cyberattacks grew significantly in 2016. Criminals are increasingly using the weak points in software and devices in order to steal information, sabotage business and administrative processes, and get rich. The dangers posed by blackmail programs in particular – “ransomware” that is used to encrypt data and then only release it in exchange for a ransom – have significantly intensified.

The breeding ground for developments like these is the increasing digitalization and interconnectedness accompanying developments like the Internet of Things (IoT), Industry 4.0 and the “smart everything” trend. They provide cybercriminals with new targets on an almost daily basis – from IP cameras to connected coffee machines to production machines equipped with sensors. One major source of problems is botnets, which are networks of thousands of devices that carry out DDoS attacks (Distributed Denial of Service attacks) that target one point in a company. They can mean that your online shop no longer functions, supply chains are interrupted, or management elements within production chains are incapacitated – which can also endanger employees in a worst case scenario.

All network-capable devices must be secure

A French web hosting service was the victim of the worst deliberate server overload caused by a DDoS attack, which also lead to a server failure. This cyberattack reached a volume of up to 1.1 terabytes per second. This led to the company stepping up its investments in IT security – because classic defensive measures were also losing their effect.

No matter whether companies are equipping their machinery with sensors, using social media or storing data in the cloud, the need for IT security is growing as a result of digitalization.

The need for IT security is increasing in all sectors and in all companies, no matter their size. According to a recent Forsa survey carried out by the German Insurance Association (GDV), more than one in four SMEs (28 per cent) has already incurred financial or material damages due to cyberattacks. Manufacturing concepts, budget accounts, personal details and credit card details – all of this is relevant information that requires high-level protection. Even if this data does not seem critical, criminals can use data that companies see as irrelevant to make money by blocking access to it and then demanding ransom money, for example.

IT security: covering all of the important areas

Companies need to make sure that they continuously keep their security systems up to date, no matter the industry – and the IT security experts from Lufthansa Industry Solutions can provide the right advice to help them do so. As specialists in IT security, they work closely with the relevant industry experts in order to cater to company-specific security requirements as efficiently as possible.

Lufthansa Industry Solutions bundles the various facets of IT security in four areas.

Secure process architecture: setting up a high level of protection

Secure process architecture deals with the conceptualization and implementation of information security management processes in line with established standards (in particular ISO 2700x and IT baseline protection), where we take customized requirements on site into account at all times and suggest appropriate solutions. We also consult with customers about the best way to set up their technology portfolio.

Security by design: operative solutions for mobile security

Security by design deals with the conceptualization and implementation of customized and standard operative security solutions. This includes security monitoring solutions: letting companies know that they have been attacked as soon as possible. The security consulting team is a partner that is not tied to any manufacturers in particular. The work it carries out focuses on the areas of IoT security, network security, identity and access management, and mobile security.

Auditing: ensuring compliance and fulfilling security regulations 

Auditing entails carrying out security compliance audits in line with industry standards such as PCI DDS. We also help companies with privacy audits in order to ensure data protection and data security. With the help of these audits, we can find out, for example, whether the company’s employees are complying with security regulations or if there are discrepancies.

Advanced cybersecurity: armed for emergencies

Defensive cybersecurity comprises emergency responses, simulations and follow-ups. This is where we use forensic IT methods to take a look at what has happened, how far the attacker was able to penetrate the system and what they have stolen after a cyberattack has taken place. Offensive cybersecurity is also important. This is where we ourselves play the role of the attacker in order to test existing systems during penetration tests, which let us show companies what plausible cyberattack scenarios look like and how attackers might carry them out. This also helps companies to improve their own IT security and arm themselves for the future.