Fighting Cybercrime An Uphill Battle

Small and mid-sized companies in Germany are especially hard-pressed to defend themselves against cyber attacks, which are increasing in both size and scope. German authorities and business leaders have a new plan to tackle the costly attacks.
German Interior Minister Thomas de Maiziére is looking for way to stop cybercriminals.

Government agencies and business representatives will unveil a joint strategy later Tuesday to counter cyber-attacks and other forms of corporate espionage and sabotage, based on a document seen by Handelsblatt.

Interior Minister Thomas de Maizière will present the results of a year-and-a-half-long effort to help companies – especially small and mid-sized enterprises – prevent industrial spying and theft.

The attacks cost German industry an estimated €50 billion ($56.3 billion) each year.

The interior ministry has developed the National Economic Protection Strategy together with the country’s domestic and foreign intelligence and police agencies, and key business lobby groups including the Federation of German Industiries (BDI) and the Association of German Chambers of Commerce and Industry (DIHK).

The plan points to an uphill battle to protect companies from cybercriminals. Its main component, a web platform that will provide firms with advice on how to defend themselves against attacks, is still under construction.

The website, www.wirtschaftsschutz.info, will also provide information on where companies can seek help in the event of a major security breach. Germany’s intelligence agencies and federal police will also allow registered users to access a password-protected area that keeps businesses updated on current threats, as well as political unrest in key markets abroad.

69 percent of industrial companies in Germany have been victims of data cybertheft or sabotage over the past two years. Bitkom survey

The goal, said DIHK president Eric Schweitzer, is to “heighten security standards in Germany’s economy, especially for small and medium-sized businesses” by raising awareness of the dangers of cyber attacks and offering help. Under the plan, managers will be able to attend seminars to train them on how to bolster their companies’ defenses against cybercrime and how to protect business-critical information.

The head of Germany’s domestic intelligence agency, Hans-Georg Maassen, is among those who argue that smaller companies still often fail to recognize the threat of espionage and sabotage.

A new survey by the IT sector association Bitkom estimates that 69 percent of industrial companies in Germany have been victims of data cybertheft or sabotage over the past two years. The attacks cost companies about €22.4 billion each year – with damages across the broader economy estimated at €50 billion.

Many cybercriminals use ransomware that can burrow into a company computer’s hard drive – with a bogus job application, for example – and encrypt its files. To regain access to their data, firms are then forced to pay money to the hackers by transferring funds in the form of the digital currency Bitcoin to an anonymous account.

According to an unreleased survey of some 600 companies by Germany’s Federal Office for Information Security, one in three businesses were hit by ransomware in the past six months.

“In terms of quantity, but also quality, a lot is happening,” said Ralf Benzmüller, an IT security specialist with G Data. His analysis shows cybercriminals attacking a widening array of operating systems and devices. And the ransoms are growing steeper, too, making businesses with deep coffers an attractive target.

 

26 p6 Targeted by Data Thieves cyber crime internet IT electronic espionage-01

 

Germany’s current approach to cyberdefense, according to the joint report seen by Handelsblatt, leaves plenty of room for improvement. It points to “inadequate communication” and few clear points of contact with authorities. It also describes a tangle of more than 100 different programs aimed at protecting companies, with minimal cooperation between them. Moreover, according to the report, the government and businesses have failed to align their priorities on the cybersecurity front, leaving them weak in the face of sophisticated cyber attacks.

To fix these problems, Mr. de Maizière’s predecessor at the interior ministry, Hans-Peter Friedrich, sat down with industry groups BDI and DIHK in the summer of 2013. Some 70 experts were involved in regular consultations between German authorities and business representatives.

Both sides appear to be satisfied with the resulting plan. BDI’s president, Ulrich Grillo, called it a “tremendous basis for further cooperation on a level playing field.”

Sources close to the interior ministry said the project succeeded in reconciling a range of interests to forge a common approach, with concrete initiatives.

One expert said there were a number of sticking points for stakeholders to iron out before the negotiations could progress. On the government side, agencies wrangled over who would deal with which type of crime, and at which point they would share information with each other.

Lack of coordination between representatives on the business side posed similar problems. BDI and DIHK withdrew from the Alliance for Security in Industry ASW in 2011, which had been the government’s main contact point on matters of security. Though each organization set up its own department to handle security questions, representatives now say they cooperate on the issue.

 

Till Hoppe is a correspondent in Berlin. Christof Kerkmann, an editor for Handelsblatt Online, also contributed to this article. To contact the author: [email protected]