Contemporary IT security calls for suitable precautions at all levels. To do this, companies not only need the right information, they also have to get their workforce on board.
With around 700 exhibitors, it-sa 2018 is an ideal trend barometer. It is becoming very clear that IT security is a management issue and board-level responsibility. Information – e.g. on stolen company data – is an important basis for decision-making at this level.
Those data thefts that have been detected are “increasingly meeting new orders of magnitude”, writes the German Federal Office for Information Security (BSI) in its Annual Report 2018, published at the time of it-sa. The report also says: “More and more, data collections are being traded on the IT black market, involving billions of stolen digital identities.” Many companies would like to know whether these include their own login data or whether their valuable trade secrets are currently being offered in the cyber underground. They would also like to find out in advance about planned attacks. Although targeted attacks in cyberspace often occur suddenly, they are planned a long time in advance. This is why advance information is important to minimise damage.
This is exactly what threat intelligence is supposed to do, and the large number of solutions on offer at it-sa shows that this is very much a hot topic. Threat intelligence generally describes a service that collects preliminary and background information. Nevertheless, the portfolios of the various vendors differ considerably. In the simplest case, they simply provide notifications about acute security announcements from CERTs (computer emergency response teams) or major software manufacturers like Microsoft. Other providers use their own tools to scan known repositories on the internet such as Pastebin or certain trading forums on the darknet. They also trawl through social networks for hints and trails. The quality of the tools determines the outcomes and the price. More elaborate packages go much further and employ their own analysts to sift through the results and join up the dots. Premium service providers also have links to the cyber underground or contacts in closed forums in which malware is sold and attacks offered. However, these services are so expensive that they are generally used only by large companies, particularly from the financial sector, and by government bodies.
In this year's annual report, the BSI has also highlighted another aspect: gradually, management boards are realising that “for comprehensive information security the human factor is also important”. This is why more than half of the companies polled said they held regular training on cybersecurity for their employees, “although some 30 percent of respondents said that IT security training did not take place at their companies and was also not planned”, says the report.
In the meantime, these kinds of training programmes constitute their own market segment, described as awareness training. Training providers offer various overall concepts designed to create an awareness of the risks among employees. The training is mostly done using the providers' own tools and on special online learning platforms. The participants first of all receive fabricated phishing emails to check whether they click on the links in them. Some providers target the individual employees very specifically. This seems to work well, because providers that check the awareness level afterwards identify significant improvements.