Nine out of ten companies are victims of data theft, espionage or sabotage. Practically any company can become a victim, from a small tax consultant to a major international corporation. The extorted ransoms reach ever more dizzying heights and lead many a company into insolvency. Which actors and structures are behind the cyberattacks and, above all, how can one protect oneself? That's what we asked Andreas Persihl. He is the owner of Hamburg-based CAPERIUM GmbH, which specialises internationally in crisis analysis, prevention and defence.
Everyone is talking about cybercrime. Is the situation really that bad?
The risks posed by cybercrime have taken on such an enormous dimension in Germany, Europe and worldwide that it’s appropriate to speak of a serious threat. The danger of an attack is very real, especially for companies that are in a position to pay high ransom demands or critical infrastructure operations. Often, companies take quite a while to realize that they have become victims. If a ransomware attack suddenly paralyses the company and the back-ups have been encrypted, this usually results in a business interruption. Many do not survive this.
What exactly is cybercrime?
The term subsumes various forms of crime. What they all have in common is the intrusion into other people's IT systems and structures, as well as spying on and manipulating them. There is also a wide range of motives, from the intention to make big money, to the need for power and control, to political or sexual goals. Some perpetrators act just for fun, others out of greed or revenge. Sometimes state-controlled hackers are behind the attacks, and sometimes they are commissioned by other criminals.
The risks do not always come from outside via the IT systems; often, they are due to internal process difficulties or users who unintentionally give the hackers access. Today's digitalization pressures have created many open flanks in companies, which could be the coffee machine in the office or the remote-controlled copier, for example. But remote controls, email attachments, USB sticks or software or service providers bought via third parties are also vulnerabilities that make it easy for hackers.
Digitalisation is, as you say, an important risk factor. What else is there?
Due to political developments in recent years, Russia has become a real hotspot for international cyber-attacks. But also countries such as North Korea or Iran or other rather authoritarian states are attempting to bring a young elite of cyber experts close to military intelligence or other abusive purposes in order to specifically attack companies with the software available on the market. Many of these states now also use cybercrime to obtain foreign currency in this way.
Who benefits from this ultimately?
You can't say exactly in individual cases. Actually, cybercrime and hacking via a franchise system work in much the same way as applying to McDonald's or Vapiano for a license to operate a restaurant, then paying a name license fee or other fees and proving yourself on the market.
Cybercriminals working for Russia, for example, are usually well protected by the intelligence services there and can thus act quite freely. Accordingly, one can assume that the ramifications of enrichment in Russia reach far into the political, military or intelligence systems and that everyone there somehow gets their share.
Does this mean that, basically, the Russian state is attacking German or European companies?
One has to differentiate here. In fact, there is a lot of expertise and the best state support in Russia to carry out such attacks as part of military or intelligence activities. However, this subculture of hacking has taken on a life of its own and many people from the political or military elites now want to make money from it. In our estimation, it has got completely out of hand. The state has cultivated groups there that are difficult to stop.
But China is also still a major threat because there is a lot of professional know-how there for hacking companies. China has distanced itself strongly from ransomware attacks and Chinese hackers are certainly more under control in their country than Russian hackers. Nevertheless, the danger of Chinese attacks is by no means smaller. On the contrary, they are usually much more subtle. The knowledge that is tapped from high-tech companies, for example, is used to strengthen their own economy. This means that, in principle, Chinese hacker waves still remain covert for our industry and the damage may only be visible in five to ten years.
Are there also successes in the fight against hacker gangs?
Sure there are. Some larger groups have more or less disappeared from the market. Some top hackers from Russia, who were very aggressive, were identified by the Americans and rewards were offered to establish their whereabouts or personal details. You can see the corresponding search attempts on the FBI's website.
The biggest problem, however, is the lack of legal enforcement in countries like Russia. Usually, the perpetrators can live a comfortable life with their extorted ransoms (in some cases amounts of up to several billion US dollars or euros are called up here, which travel around the globe via crypto accounts), safely and without fear of extradition treaties. There, protected by the secret services, they build up a new identity. And then the money flows back into the legal economic cycle, with the perpetrators buying ships, houses, helicopters, planes or jewellery under new identities, for example.
Are German companies prepared for such threats?
If they were prepared, such exorbitant sums would not be changing hands at the moment. Company managers should therefore urgently seek advice on where they have weak points and switch to an IT security architecture that is pragmatic but sufficiently professional. This also includes unencryptable backups.
Assuming that perpetrators install their malware three to six months beforehand in the company and obtain administrator rights via various accounts before the attack is even noticed by the victim, then it quickly becomes clear that even as a medium-sized or larger company, you need backups to access the data from three, six, nine or twelve months ago. Or that you have to check everything again for malware before importing data.
How can enomyc support such processes?
enomyc often comes into play when companies, for whatever reason, are standing with their backs to the wall. In such situations, there are usually also battles over budgets, costs and priorities. When companies are threatened with insolvency as a result of a cyber-attack and are additionally confronted with the requirement to meet high ransom demands and invest in a completely new IT infrastructure in a crisis situation, they are usually quickly overwhelmed from a cost perspective.
Here, enomyc has the necessary foresight and can help to set the right priorities in this digital transformation.
Apart from the acute crisis, enomyc can also analyse the risks of digital processes and their complexity and advise companies accordingly. Companies that are already struggling and in restructuring processes must be doubly protected, because the data needed for the continuation forecast or other expert opinions must be accessible at all times and protected against possible encryption. Especially for companies in crisis, appropriate advice is certainly a worthwhile investment.
Another issue where I see a valuable contribution of enomyc is the coaching of the management team for a cyber-attack. This is about management qualities, soft skills and very specific skills that managers need in such situations. enomyc can help to set up appropriate crisis teams, establish responsibilities and define processes to keep the chaos phase as short as possible in an emergency.
Thank you very much for the fascinating interview, Mr Persihl.
CAPERIUM was founded in 2008 as a specialized consultancy for companies, authorities, institutions and private clients to professionally manage the increasing needs from the topics of compliance, security, investigations, forensics and integrity as well as the associated challenges of today. As a confidential and strategic partner, CAPERIUM supports companies and exposed families in all forms of criminal attacks and offers a highly specialized confidential business field to support negotiations in special stress situations such as criminal attacks, the acquisition or sale of companies (mergers & acquisitions) and conflicts of any kind.