You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Nyheder & Media
Industrier & Services
Outsourcing af applikationer
Outsourcing af infrastruktur
NNIT Digital Together
Kunder & Cases
IT for life sciences
Om Life Sciences
Valiance – an NNIT Group Company
Your career at NNIT
Make your mark
Your future workplace
Start your career
Beware of the RATs (Remote Administration Tool)
A 4-step approach to protecting your sensitive data with Data Access Governance
How to Keep Industrial Computer Systems (ICS/SCADA) Running in an Age of Cybercrime?
Control Your Security & Privacy in the Cloud
Identity and Access Management becomes a top priority due to the EU GDPR
What to watch out for in IT Security for 2017
Steps to protect you and your organization from Phishing - yes, we need protection, all of us!
10 Steps to Successful Patch Management Framework
On Cyber Warfare
Cybersecurity Awareness – The First Line of Defense
The security risks of black box technology
The Fine Art of Aligning Business Strategy and Information Security Strategy
Privacy – why it is worth fighting for
The C.I.A. of application security!
Building a sustainable defence: How to secure your operational technology (OT) environment
Migrate to Cloud Services without Jeopardizing Security and Compliance
The Devil is (often) in the Software
By Helge Skov Diernæs , IT Management Consultant at NNIT A/S
Some time ago, the German telecommunications company Deutsche Telekom created a group of 180 “Honeypots” to lure in IT criminals and then study their operations. The Germans were concerned about reports of increased IT criminal activity on German networks
and the Honeypots are useful for intelligence gathering. They resemble ordinary, everyday company servers, often a bit more vulnerable, and typically contain outdated or bogus information. The resulting activity maps are quite fascinating and available
Hiding in the crowd
Based on the data gathered, Deutsche Telekom estimates that these days up to 15 million IT attacks per month hit German companies and private citizens. Much of it is scouting activity where automated scans of huge swathes of networks uncover known technical vulnerabilities, and then create hit-lists for human operators to pursue in directed attacks. With such an approach, seeking safety from Cyberspace crime by hiding in the crowd becomes difficult.
The Internet of Things
One reason for the increasing criminal activity in Cyberspace is the multiplication of targets driven by the rising connectivity of devices in both business and at home, the much-touted Internet of Things. This term covers the trend of connecting appliances such as alarm systems, television sets, cars, coffee machines and similar devices to the Internet. It offers significant legitimate benefits to users, such as software updates, remote support and remote control. The downside is that by connecting to the Internet, all these wonderful appliances also spawn additional potential entry points for IT criminals.
Money is another strong lure.
There are significant financial gains to be made by IT crime
today, for a very limited risk and at a low cost compared to more traditional criminal activities. The valuables accessible online, from intellectual property, patents, entertainment, bank accounts, and so on, has attained stupefying proportions on a global scale.
The weak est link
The ways to corporate treasures can be winding. It may go by an employee's 'home network', but once inside, IT criminals can start looking for clues about how to enter the corporate networks. These clues may lie in automated logon scripts with hard-wired passwords, be gained by monitoring the user’s keyboard entries during their logon sequence, or by adding viruses to legitimate files, which are routinely copied to the corporate network by the user, and so on.
The employees may be insufficiently prepared for the caution they must now exhibit. Business partners may not prioritize IT security sufficiently for cost reasons. The consequence is additional potential routes for IT criminals to gain access to company valuables, including research data, customer databases, business algorithms, or simply to enable the criminals to cause costly disruptions to business operations.
The IT Security Strategy
The risk will not go away. But like any other risk, it can be mitigated. Because the IT security risk to financial results and company reputation is real, a clearly defined IT security strategy must state management position on IT security risks, including a risk assessment of the different parts of the business landscape.
This strategy drives coherent investments in IT security technologies, processes and awareness across the enterprise to address clear, prioritized goals. If funds are scarce, they must be spent where they can do the most good.
A strategy can reduce uncertainty, ensure alignment across the company and build the foundation for changing the perception of IT security from a ward against a shadowy menace to a well understood mechanism for reducing a significant risk of doing business.
It’s a risky business, indeed. But it is manageable.
About NNIT Security Insights
This is an article from NNIT Security Insights, a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.
NNIT has its own Computer Emergency Response Team (CERT). If lightning strikes, we have the necessary competencies in-house to respond and assist. We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage.
You are welcome to contact us at firstname.lastname@example.org if you want to know more about how NNIT can help your business increase its information security level.