Hacker attacks – Four lessons from the Continental case

Continental construction site (archive): the processing of the hacker attack is likely to take weeks or months. (Photo: dpa)

It will likely be weeks or even months before the hacker attack on Continental is fully resolved. But what can already be said is that the Lockbit 3.0 criminal group has apparently captured 40 terabytes of data, including many confidential documents. And: As far as IT security is concerned, the automotive supplier has suffered a total loss.

Valuable insights can already be derived from the questions the case raises. The central one is that those responsible in a company must always plan for the emergency when protecting their digital infrastructure. The organization should therefore be set up on the assumption that intruders are already inside the system.

This finding is not new, but it is more relevant than ever. The German Federal Office for Information Security (BSI) recently declared that digital blackmail with ransomware is “one of the greatest cyber threats to the state, business and society”. Continental is just one case of many.


The first set of questions concerns the technology. How was the group able to secretly smuggle such large amounts of data off the network in a month? And why did it take management several weeks to determine that?

There are programs that automatically analyze network traffic and point out anomalies – for example, when unusually large amounts of data leave the network by unusual routes. And there are systems that give sensitive data special protection as part of risk management. The lesson is therefore: IT departments should invest not only in preventing hacker attacks, but also in detecting them. Firewalls, virus scanners and employee training are essential. However, systems are also needed that monitor the network the way an alarm system monitors a building. This may be standard in corporations, but it is the exception in medium-sized companies.
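The kind of egress monitoring the paragraph describes, as an added example that is not from the article or from any vendor's product: it scores each host's daily outbound volume and destinations against that host's own baseline period, on constructed flow summaries, and flags a large transfer to a never-seen destination while leaving an ordinary busy day alone.

```python
"""Flag hosts whose outbound volume or destination set breaks with their own baseline."""
from collections import defaultdict
from statistics import median

# Constructed daily egress summaries (not real Continental data):
# (day, internal host, external destination, bytes sent outbound)
FLOW_SUMMARIES = [
    ("d1", "fileserver01", "203.0.113.10", 2.1e9), ("d2", "fileserver01", "203.0.113.10", 1.9e9),
    ("d3", "fileserver01", "203.0.113.10", 2.3e9), ("d4", "fileserver01", "203.0.113.10", 2.0e9),
    ("d5", "fileserver01", "203.0.113.10", 2.2e9), ("d6", "fileserver01", "203.0.113.10", 2.1e9),
    ("d6", "fileserver01", "198.51.100.77", 1.4e12),  # 1.4 TB to a host never seen before
    ("d1", "ws-042", "203.0.113.10", 5e7), ("d2", "ws-042", "203.0.113.10", 6e7),
    ("d3", "ws-042", "203.0.113.10", 4e7), ("d4", "ws-042", "203.0.113.10", 5e7),
    ("d5", "ws-042", "203.0.113.10", 5e7), ("d6", "ws-042", "203.0.113.10", 7e7),  # ordinary day
]
BASELINE_DAYS = {"d1", "d2", "d3", "d4", "d5"}  # learning period; later days are scored

def summarise(records):
    """Aggregate raw records into per-(host, day) byte totals and destination sets."""
    volume, destinations = defaultdict(float), defaultdict(set)
    for day, host, dst, nbytes in records:
        volume[(host, day)] += nbytes
        destinations[(host, day)].add(dst)
    return volume, destinations

def detect_egress_anomalies(records, baseline_days, factor=10.0):
    """Return (day, host, reason) for non-baseline days on which a host sent far more than
    usual (above median + factor * MAD of its own baseline) or to a never-seen destination."""
    volume, destinations = summarise(records)
    alerts = []
    for host in sorted({h for h, _ in volume}):
        base = [volume[(host, d)] for d in baseline_days if (host, d) in volume]
        if not base:
            continue  # no history for this host; a production system would handle it separately
        med = median(base)
        mad = median(abs(v - med) for v in base) or 0.05 * med  # floor a zero spread
        known = set().union(*(destinations[(host, d)] for d in baseline_days))
        for (h, day), nbytes in sorted(volume.items()):
            if h != host or day in baseline_days:
                continue
            reasons = []
            if nbytes > med + factor * mad:
                reasons.append(f"{nbytes / 1e9:.0f} GB out vs. baseline median {med / 1e9:.1f} GB")
            new = destinations[(host, day)] - known
            if new:
                reasons.append("new destination " + ", ".join(sorted(new)))
            if reasons:
                alerts.append((day, host, "; ".join(reasons)))
    return alerts
```

A real deployment would feed this from flow exports or proxy logs and alert well before a month of transfers has accumulated.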

The second question concerns communication. One day after discovering the incident, Continental informed the state data protection officer, as required. However, internal communication took place later. The supervisory board only found out about the data loss after a delay of more than a month. Why did the management take so much time with this?


Of course, in a confusing situation internal coordination is complex: the workforce has to be kept informed as well as the shareholders, and that takes a while. However, it is possible to rehearse such scenarios and prepare crisis communication in advance. The lesson is therefore: companies need an emergency plan – and they have to test it.

The third question is about organization. Fending off all cyber attacks is utopian – there is always a misconfigured server or outdated software somewhere. But why was Lockbit able to copy so much sensitive data, whether price lists, personnel files or minutes of the supervisory board?

As important as technical protective measures and staff training are, they alone are not enough. In order to keep damage to a minimum, a holistic concept is needed that provides for constant improvement. For example, organizations can hire ethical hackers to break into systems from outside – a stress test for the organization.

The last lesson is therefore: management must give IT security enough attention and budget. This is always cheaper than repairing the damage afterwards. It is time for companies to act. There are many warning examples, not just Continental.