Cyber security is a Hype – Justifiably So?
For some time now, the media has paid an enormous amount of attention to the issue of cyber security. On the one hand, this is because the number of cybercrimes has been rising continuously for years. Official statistics published annually by the Austrian Criminal Intelligence Service refer to a 30 percent increase in the number of reported cases in 2016 compared to the prior-year level. Naturally, it is assumed that the actual number of unreported incidents is much higher. On the other hand, the European Commission realized a long time ago that the potential threat to the economy and society is much more serious due to digitalization and increasing networking. For this reason, there is clearly a need to take action. This is demonstrated by the increasing research budgets for cyber security in all affected areas, whether energy, transport or production, but also with respect to national defense or cyber defense. Universities, competence centers and research companies are responding to the high level of demand for new solutions. For example, in January 2018 a separate competence group for cyber security and defense was set up at JOANNEUM RESEARCH.
Small and medium-sized enterprises in particular do not have specially trained personnel in their IT departments or their own IT security units. They frequently face the question of which fundamental measures can minimize the risk of being harmed by cyberattacks.
One of the key approaches involves enhancing the security awareness of the employees. Sophisticated technical measures are not capable of providing comprehensive protection when people do not play along. In this regard, password security and dealing with phishing attacks are important aspects of employee training.
Experts have long agreed that it is currently impossible to completely repel attacks only on the basis of technical measures. Accordingly, the issue of data backup is gaining in importance in connection with cyberattacks. A data backup concept and its resolute implementation protect the company against data loss not only in times of technical defects and operator errors, but also in the event of a cyberattack. The increase in successful attacks with ransomware shows that there is still quite a need to catch up here.
Encryption is also an issue which is unjustifiably considered to be unnecessary or hardly feasible. Encryption plays a key role, particularly in connection with the storage of a company’s critical data and with respect to mobile working with mobile phones, notebooks and tablets and the use of cloud services.
Closing our eyes to all this will soon become a problem from a legal perspective as well. This is because the EU General Data Protection Regulation (GDPR) will take effect on May 25, 2018. It stipulates specified documentation and due diligence obligations with respect to personal data and correspondingly high penalties for non-compliance.