Newsflash: +++ Hackers Stole Over 6.42 Million SHEIN Customers' Data +++ SAP Customer British Airways hacked: Hackers steal financial data in BA website attack +++ The same hacker group who breached Ticketmasters were behind the British Airways attack, using DIGITAL SKIMMING +++

Milky Blog

know what’s going on out there about SAP®

  • Blog
  • Read Our Rules

Why we need to think differently about cyber security in 2019

By Hendrik Jansen  - January 31, 2019

Typical notions of cyber security

When most people think about cyber security, they think about passwords. Passwords that are a bit more difficult than 123456 or QWERTY. Private individuals tend to select a good router for their home internet connection with focus on aesthetic design without any wires and with WPS (Wi-Fi Protected Setup) to avoid all that "difficult" typing according to the kids who veg out by consuming Netflix.

The more advanced tech aware person will consider installing a firewall and perhaps a freeware antivirus program. They think that's enough to defend against an attack. And when they think about cyber attacks, they usually imagine a very skilled team of hackers brute-forcing their way into a home or business system, not unlike robbers breaking into a bank vault.

But it doesn’t take much research to learn that in today's era cyber attacks are way more nuanced, and leave far more people vulnerable than imagined. And in the near future (months not years, quarters not decades), the average cyber attack is going to evolve even more. I believe that Moore's law applies here as well (to a degree there is an exponential factor involved).

If we want to prepare our businesses for these threats, and protect ourselves as individuals, we need to change how we think about cyber threats.

New Types of Attacks and the Lack of Experts

For starters, we need to start preparing ourselves for new types of attacks. With the rising diversity of entry points (endpoints, devices and software), preparing for conventional attacks isn’t enough. Today’s cybercriminals are remarkably intelligent and lazy, so they buy cheap and proven tools from the dark web, and all it takes is a single vulnerability to compromise and exploit an entire system.

Because there are so many possible attacks, and new attacks just waiting to be created, we need to spend more time sourcing and training the right tech talent, rather than just building bigger and better defensive systems. Security experts with experience in many different areas, with the ability to think flexibly, will be far more capable of responding to novel threats than their short-term-goal-focused contemporaries. But these skills are scarce in the market, so the costs for these skills are rising. Secondly, these types of cyber security experts are looking for continuous challenges, that's why they prefer to work with Cyber Security companys rather than a regular business. That leaves a shortage in the market of an estimated 2 million cyber security experts. Good luck fighting those odds as a business.

Rising Volume

We also need to consider the rising volumes. Cyber threats are growing to be more in volume as well as in threat level. They’re growing regarding damage potential and probability (technology change factor x volume change x sophistication change). Thanks to the prominence of mobile devices and the growing influence of the internet of things (IoT), there are billions of connected devices around the world, and each one of those devices is potentially hackable.

There is also a growing number of people with the right motivation and resources, who could easily attack a device across the globe. Add that to the number of countries with minimal (if any) restrictions meant to prevent a cyber attack, and you have a recipe for a disaster.
My personal prediction is that we are only looking at the tip of the iceberg right now.

Finally, consider how much a cyber attack could hurt us. That is the fundamental question that any CEO, CFO, CIO, CISO should be asking in the business. We’re entering an era where nearly everything we do involves an internet connection or a digital device. Hurray to the digital transformation - pushed and hyped by the same technology vendors that failed to protect you in the first place. When IT components get compromised, it becomes nearly impossible to get the resources you need.

Individual Empowerment

In addition to taking the possibility of a truly large-scale attack seriously and investing in better cyber security talents, we also need to educate people at the individual contributor level. The employees and staff with limited tech knowledge, who still rely on these devices on a daily basis are meant by that. If they choose weak passwords, fall for schemes, or otherwise allow themselves to be vulnerable, they become easy targets that could lead to the collapse of a much bigger system. Every digital network is only as strong as its weakest chainlink, and it's about time we acknowledge that.

It’s not easy to change how you think about a given problem, but simply educating yourself is a good first step. The more basics you learn about the world of cyber attacks and cyber security, the more accurately you’ll be able to think about your protection and the protection of your company.

You can also help your own cause by investing in better cyber defenses, like the agileSI™ solutions for SAP® Security.

The sooner and more thoroughly you invest in your defenses, the less you’ll have to worry about, the more likely hackers will pursue easier targets.

How fast do you need to run in order not to get eaten by the tiger? Just a little bit faster than the slowest person in the group! Want to know how fast you are running when it comes to SAP® Security?

Talk to us about the possibilities of:

INSIGHT SERVICE - Security Maturity Assesment for SAP® systems



Want to learn more? Contact us here!


Enroll and receive updates!

Popular posts

We take privacy seriously! This is what happens to your data:

  • Data from forms and website-tracking can be saved for analysis.
  • Data can be evaluated for optimizing the website. This enables us to better understand what our visitors are interested in. We primarily use Hubspot for this tracking. You can find more information on this in our privacy policy linked at the bottom.
  • We do not share your data with third parties. In the context of events in which you want to participate it might be necessary to submit your data to contractors.
  • You have the right to have your personal data corrected, deleted or transfered to you at any time.
  • You can withdraw your consent to any sort of communication with us at any time.

More details about what we do and don't do with your personal data can be found in our privacy policy, or you can directly contact me by e-mail!

Felix Möckel
Data Protection Officer