Cyberwar: The underestimated danger of the digital age

Cybercriminals systematically wreak havoc on companies and cause millions of dollars in damage. Yet many firms massively underestimate the risk of attacks. “The reasons for this are manifold,” say two who need to know: Cyber experts Jochen Borenich, COO of Kapsch BusinessCom, and Thomas Stubbings, Managing Director of TS Management Consulting.

The accounts of 50 million Facebook users were recently hacked at the end of September. At the end of August, hackers stole almost 400,000 customer data from British Airways - including credit card data. In the previous year, the "NotPetya" ransomware was distributed via the Ukrainian software Me-Doc. Numerous international companies suffered great damage, including the Maersk shipping company, which lost hundreds of millions of dollars due to weeks of computer downtime. The corporation Reckitt Benckiser made a reported loss of about 111 million dollars.

The number of cyber attacks on companies increased by 40 percent from 2016 to 2017, as the Kapsch BusinessCom Cybersecurity Report shows. In the Cyber Defense Center of the IT service provider in Vienna alone, around 500,000 cyberattacks on companies are registered every day. The reason for this is the growing sophistication of artificial intelligence, which is not only used by Kapsch BusinessCom: "Hackers are also increasingly using machine learning to carry out mass attacks," says Jochen Borenich, COO of Kapsch BusinessCom.

©CC0 Licence

^{The number of cyber attacks is increasing - one reason for that is the increasing use of machine learning. Photo © CC0 Licence}

The damage can be immense. In addition to loss of data, paralyzed work processes and even the standstill of day-to-day business, the reputation and attractiveness of the company, and thus also its share price, decline. In addition to more frequently used ransomware, which is used by cyber criminals to extort ransom money from victims in exchange for stolen data, there is another major threat scenario, as Thomas Stubbings, Managing Director of TS Management Consulting, explains: cyberwar. "With hybrid warfare via targeted cyber attacks, state actors pursue national objectives. There are large resources and large sums of money behind this; the attackers are hardly detectable," says Stubbings. For companies that are affected indirectly, as in the Maersk case, this would mean massive collateral damage.

These threat scenarios are massively underestimated by most companies. "As digitalization progresses, machines are increasingly digitally networked, and the volume of data increases exponentially. This also massively increases the risk of cyber attacks," says Jochen Borenich. In contrast, spending on cybersecurity averages a meager 0.1 percent of corporate budgets - a large discrepancy. "In Austria, 98 percent of our businesses are small and medium-sized. Consequently, there is a strong tendency to buy a standard solution. Yet being out of business as a victim of a cyberattack is a huge price to pay for such a strategy. A gridlock can endanger peoples’ lives directly," adds Thomas Stubbings. It is important to actively integrate cybersecurity into the corporate strategy. By doing risk analyses, company leaders will identify real risks and define security solutions tailored to these particular risks. Thomas Stubbings puts it in a nutshell: "Saving money here can be really expensive."

©CC0 Licence

^{Cybersecurity has to be integrated into the corporate strategy - otherwise it can be really expensive. Photo © CC0 Licence}

Jochen Borenich also sees massive pent-up demand in Austrian companies. On average, it takes around 200 days for a company to realize that they have become victims of hackers. "In 21 percent of the cases, a user is the weak point," says Borenich. One click on a seemingly serious mail is enough and ransomware is already in the house. Office IT is often protected by a firewall, "but then there are still ancient, unprotected windows computers in the production facilities," says Borenich. "It's like locking the front door of a house but leaving the windows open on the first floor." He also believes that concrete measures should be taken after a business impact analysis has been done. As an additional service, Kapsch BusinessCom offers training courses for its customers' employees. "Everyone has to know the risks," he concludes.

Join 15,000 + professionals and get regular updates on leadership and management topics. Learn something new every time.