The human element: Strongpoint or weak link?

Hackers are able to pinpoint every single weak spot when attacking the IT system of a company or other organization. Ingo Legler, an IT security expert at DEKRA, explains how organizations can protect themselves and what cybersecurity can achieve.

The most important factor for cybersecurity is the behavior of the human. Photo: Fotolia - alphaspirit

Ultimate strongpoint or weak link: Humans are the crucial factor in cybersecurity. Photo: Fotolia – alphaspirit

DEKRA solutions: Mr. Legler, are cyberattacks on the rise or does it just seem that way?

Ingo Legler: As the level of interconnectivity increases, firms are naturally at greater risk of cyberattacks. And they are indeed on the rise. But thanks to the spectacular cases documented by the German Federal Office for Information Security, people are also becoming increasingly aware of the threats contained on the Internet.

Are security precautions such as firewalls and virus scanners enough to keep us safe?

These fundamental measures are, of course, absolutely essential. And the same applies to the correct browser settings and regular software updates, which eliminate vulnerabilities in IT systems. Depending on the level of protection required, it may be necessary to take other measures too. Anyone who relies solely on hardware and software to keep them safe is not going far enough.

Why?

Because humans are the crucial factor: if they are careless or negligent, they can become the weakest link. If they handle IT systems sensitively and carefully, however, they can also be the ultimate strongpoint.

How can employees be ­encouraged to protect against cyberattacks?

With a never-ending cycle that involves raising awareness, informing, and training. Memorable, real-life case studies can illustrate why there are certain rules and that each and every employee is responsible for observing them. This is the only way to build up acceptance. It’s not enough, by the way, to just point out the risks at a one-off event. Every organization has to keep their eye on the ball when it comes to data security.

Ingo Legler is an IT security expert at DEKRA. Photo: DEKRA

Ingo Legler is an IT security expert at DEKRA. Photo: DEKRA

And that’s the data protection officer’s job, right?

If only! Delegating is the wrong way to go about it. Information security is a job for the management, with executives serving as role models. Otherwise, the organization won’t have the correct mindset. And it starts at the highest level!

What role is played by the General Data Protection ­Regulation?

The GDPR, which came into force in May 2018, reversed the burden of proof and changed the rules governing accountability. It mandates meticulous documentation of all measures in the area of information security. However, a recently published forsa survey conducted on behalf of DEKRA shows that there is still plenty of work to do. When it comes to specific provisions, many employees admit that there are gaps in their knowledge.

Is DEKRA well prepared?

As an independent expert organization, it is incumbent on us to be a role model. After all, people have to take us seriously when we offer our services in this field. With DEKRA 360° CyberSafe Solutions, we offer a comprehensive suite of products and services for the reliable protection of data, IT infrastructures, and processes. From professional support through to detailed analysis of risks and weaknesses the first step toward IT security.

Are there still situations in which the law goes out of the window?

There certainly are. Take the open coaches on mainline trains (usually in first class). Here, you’ll often find attorneys loudly dictating the details of cases and naming the defendants, the offense, and any witnesses. Or how about a successful key account manager who, overcome with emotion, tells their coworker all about the contract they have just secured with a sensitive public-sector client? Unfortunately, situations like these still happen.

Stop. Think. Click?

The IT security advice that DEKRA gives its customers is, of course, just as valid internally: safety first! And the human element is a crucial factor in terms of defending against the dangers of cyberspace. Although it’s impossible to imagine day-to-day working life without e-mails and attachments, they harbor risks that all DEKRA employees need to be aware of. With this in mind, the experts from IT Security launched the campaign “Stop. Think. Click?” a while ago, the aim being to guard against complacency. All employees should be familiar with the risks posed by viruses, Trojan horses, and phishing and be able to exercise the necessary caution.

For the latest updates on IT security, please visit the “Corporate Information Security” community on Connect.

Related articles
 
Magazine Topics
 
Newsletter