A look at privacy in small and medium-sized enterprises
Handling modern communication media can be risky. Not even primary school pupils can get around this profound insight today.
The Berlin "Framework School Basic School Section" states (PDF):
With suitable topics, the pupils are successively introduced to the use of computers, data collections and the Internet. The subject lessons thus prepare for the use of these tools in other subjects. With increasing confidence in dealing with different media, the pupils are also made aware of their risks and learn to use them responsibly. They acquire the skills necessary for creating their own media products.
Security – (not) a topic for computer scientists?!
Aha: primary school pupils create their own media products and should learn to deal responsibly with the associated risks. Computer science students are also supposed to create their own media products. Responsible handling of the risks, however, seems to be secondary for the designers of the curriculum: "Today, graduates can complete a computer science degree without ever having had to deal with IT security," the association "Germany safe in the network e.V." (DSIN) stated in a press release a few weeks ago, and it demands:
10 percent of every computer science lecture – 9 minutes – should be devoted to IT security.
The DSIN is not just anyone – after all, the organization counts Deutsche Telekom, Google and Microsoft among its members. If even computer scientists are not given a feel for the risks associated with the digitization of society, why should things be much better in the curricula of engineers, architects, physicians, lawyers and tax advisers? How are future securities advisors, real estate managers, social security investigators and tax officials supposed to know what they should do better?
Studies reveal weaknesses among SAP developers and administrators
However, the conscious behavior of every individual role holder is important before we map the real world onto the virtual one. The professions mentioned are supposed to play a significant part in this transformation – they are to develop, implement or use software
- to control industrial equipment or
- to process personal data of patients, clients, customers, insured persons and taxpayers.
The errors of developers can then add up, together with those of administrators and users, to a massive problem. Take SAP as an example: the Russian security specialist ERPScan has counted 2000 security messages from the Walldorf company. Two-thirds are at least critical and call for a quick solution.
The development of virtual patches in Walldorf probably runs like clockwork – but those who are supposed to apply the patches on site in the companies seem to be surprised: the security company Onapsis examined the systems of 600 SAP customers and claims to have found that "none" of the companies examined was "completely" up to date with the latest patches. The consequence: "more than 95 percent" of those examined could fall victim to espionage, sabotage and fraud attacks (PDF).
Juan Perez-Etchegoyen of Onapsis nevertheless shows understanding for users: "SAP works very hard on security and they are good, but the customers have to be able to keep up." The more powerful the system to which the compromised computer is connected, the greater the damage – Sachar Paul, former Senior Vice President Product Security of SAP AG, says:
The difference with ERP software is that the size of the shovel increases significantly. If you have access to a system of this size, security is more critical.
Security expert believes a "digital first strike" is possible
Rainer Baumgart, CEO of the Essen-based company Secunet, describes the situation more vividly: "Companies have never been as close to their customers and partners, but meanwhile the potential for threats is so great that the digital confusion in the field of potential."
This realization cost the oil company Saudi Aramco hard cash – in the summer the company was attacked, and the self-proclaimed perpetrators boasted that they had "completely destroyed" 30,000 computers.
Steffen Bukold, analyst at EnergyComment, a Hamburg-based consultancy for oil markets, fears a "GAU" for the oil industry "if Saudi Aramco came to a standstill". This is not the case – after all, the group is said to be the largest oil producer in the world.
Users must also be protected from "social engineering"!
However, it is not only developers and administrators who are responsible for the security of the systems – the consulting company IOActive has recognized:
It does not matter how secure you make a computer; you can rely on a person being found who compromises this computer.
This refers to the users. But how do you get a stranger to behave compliantly? Using the example of a freight forwarder, Sarah Granger describes very vividly how meticulously the employees of a security firm prepared in order to demonstrably gain access to the office of the finance director, with the support of the forwarding company's staff but without any authorization:
By obtaining small amounts of access information, bit by bit, from a number of different employees of this company. First of all, they did their research before they tried to set foot on the company's premises: they called the Human Resources department to find out the names of the key persons in the company, then they claimed to have lost the key to the entrance, and a man let them in.
Then they "lost" their company card as they wanted to enter the secured area on the third floor, laughed, and a friendly employee opened the door. The strangers knew that the finance director was not in town, so they were able to enter his office and extract financial data from his unlocked computer without his knowledge.
For the criminologist Rob McCusker of Teesside University in north-east England, it has been clear since 2006 that the permanent availability of personal information of all kinds plays into the hands of criminals (PDF): "Personal information about clients and customers is increasingly documented digitally – and […] distributed. The distributed digital identities represent confidential information in the ether, which is protected from exploitation only by the security processes of the respective organization. The extraction and abuse of such information will probably be the basis for the future threat of cybercrime."
Security level has deteriorated
This brings us to the small and medium-sized companies: the doctors, law firms, architects, carriers, real estate agents, engineering offices, and personnel, tax and management consultants. "Germany safe in the network" has found:
The use of e-mail and mobile devices has become established across the board in medium-sized companies. At the same time, the level of security has deteriorated in exactly these areas. In particular, micro-enterprises (fewer than 10 employees) now use the new technologies as a matter of course, but neglect security aspects.
Examples show how much users in small and medium-sized companies must fear for the security of their data: a physician's patient data is locked via the Internet and the doctor is blackmailed. At the hospital in the automotive city of Rastatt, 100,000 patient records are stolen. After a denial-of-service attack, a law firm's client data is left exposed. A real estate manager pays 15,000 US dollars for the loss of 600 customer records.
The bank Morgan Stanley warns 34,000 customers of its investment division about the loss of names, addresses, account and tax identification numbers, the income generated at the bank in 2010 and, in some cases, the social security number. The "executive search" consultancy Korn/Ferry receives, after 2005, another uninvited visit via the network. What kind of data and how much of it was lost in 2012 is (still) unknown. In any case, 32,500 people are said to have been affected.
Doctors, salaries, real estate managers, investment banks and brew money hail also sometimes serve a distinguished clientele whose data should be sacred to its legitimate collectors. This becomes especially clear with the profiles of the "executives" at Korn/Ferry – this group of people must take permanent security measures, whether traveling or at home.
Not without reason: with the "big fish", attackers do take the trouble to photograph properties and sketch the alarm systems, or to take nude photos of persons who are in supposedly protected environments.
Increasingly, drones are playfully used for this. With its ongoing data incontinence, the HR consultancy Korn/Ferry has now relieved the attackers of a large part of the work.
Among law firms in the US, word has got around that they are "under siege". In this country, Ladest and other SMEs would be well advised to take this insight on board.
Executives threaten their employers and business partners
But it is not only that the immediate loot is particularly fat – for example because of the particularly high credit lines of those affected – and lends itself particularly well to identity theft: the prey could also serve as a red carpet for the next time. The security service provider First Watch Technologies states:
An employee trying to recover from identity theft is, of course, distracted and can only partly concentrate on his work, which restricts productivity. In addition, a victim of identity theft can be as much of a security risk for his employer as an employee who actually steals identities.
The same applies to the business owner – he too becomes a "Trojan horse" if he is no longer the free master of his decisions.
Creating complete digital personal dossiers
The already massive threat potential can be increased further by combining data from different sources. The security specialist McAfee expects (PDF) that criminals will in future be able to build detailed profiles of decision-makers and other target persons.
For this purpose, according to McAfee, blogs, press releases, magazines, corporate databases and social networks are searched in order to find details from the professional and private lives of those affected and to obtain access to user IDs, passwords, financial or system information and other sensitive corporate data. In this context, certainly the weak automates take advantage of the evaluation of the captured databases.
In the "Internet of Things", everything communicates with everything
But thinking about the future has already gone much further: in the Internet of Things, people's "intelligence" is to be outsourced not only to phones but also to cars, houses, electricity grids and other consumer products, and everything is to communicate with everything. The problem: if the car "knows" who is sitting at the wheel (for example, from the stored position of the "intelligent" car seat), the acceleration sensor of the "intelligent" phone can be used to draw conclusions about the driving behavior of the target person.
The same applies to all the other smart accessories with which we quantify ourselves. I fear that these applications will once again be delivered to ordinary customers as beta or even alpha versions. That, too, plays into the hands of those who exploit this in a criminal way.
The Schufa says that identity theft represents a "threat to the existence of future economic life". We will only be able to avoid this development if we learn to deal responsibly with the risks. Just like the pupils in Berlin’s elementary schools.
Joachim Jakobs is the initiator of the campaign free + fit in the web 2.0. As part of the one-year campaign, he will give lectures on privacy and security in the coming year. The initiative is supported by the Federal Association of Security Economics and a five-member scientific advisory council.