In recent days, the BSI (German Federal Office for Information Security) has observed a distributed denial-of-service (DDoS) campaign against selected targets in Germany, including airport websites, specific targets in the financial sector and federal and state government websites. While this type of cyber attack is nothing new, in 2023, the BSI expects all critical infrastructure assets to be a potential target, and is thus calling for increased vigilance and responsiveness.
Even standard protection measures against DDoS attacks can prevent serious repercussions, knows Jens Westphal, expert for cyber security at msg: “One proven measure is information security management systems (ISMA) that are loaded with a stringent zero-trust strategy. While ISMS are responsible for guaranteeing basic protection and closing the usual gateways used by cyber criminals, zero trust is intended to mitigate human errors,” explains the IT expert.
In fact ISMS are already mandatory for critical infrastructure companies and institutions and according to msg-internal estimates, 60 to 70 percent of companies in Germany already use them. And with the Cyber Resilience Act and the announced KRITIS umbrella law, the EU and Germany are talking important steps towards greater cyber security.
In the case of distributed denial of service (DDoS) attacks, Westphal believes that the state would also be needed to thwart such attacks at the central points, the information highways. For example, by obliging the operators of information highways to take precautions to prevent DDoS attacks at central network nodes or junctions – and this without additional costs for connected companies or organizations. You can read more about possible government assistance in the fight against cyber criminals in this article „Das Internet als Kritische Infrastruktur“ (the internet as critical infrastructure, (only available in German) published in Tagesspiegel Background.
Security expert Manuel Büttner also knows the serious impact that hacker attacks can have: “Cyber attacks are ubiquitous. We don't see them. That makes it difficult for many people to understand them. But the damage to the economy is estimated to be approximately 200 billion per year. This is a dimension that is difficult to grasp. A lot needs to be done here – technically, organizationally and humanly – to meet these challenges.”
Büttner and Westphal discuss the current challenges in cyber security in the msg podcast “radically digital”. In the episode “Surviving the Cyber Security Arms Race”, they address the question of how companies should behave in the resource-exhausting arms race with cyber criminals and state cyber armies.
It is available on the familiar streaming platforms Spotify and Apple podcast or directly on the msg website: https://www.msg.group/radikal-digital