Start-ups can use these methods to protect themselves against Russian hackers
The war between Russia and Ukraine is also taking place on the internet. This also threatens German start-ups.
The war in Ukraine is not just the image of bombs, dead bodies and destroyed homes. It has also long been taking place on the internet. Experts are talking about a cyber war that is brewing. Hacker attacks are on the increase, both from Russia and the West. Entire digital infrastructures are under threat.
This could also affect start-ups, warns legal scholar and IT security expert Dennis-Kenji Kipker. "We now have a new situation," says Kipker. This is because it's no longer just about data harvesting or other financially attractive exploits for hackers. "Many hackers are now only interested in pure destruction," he says.
One problem is that Germany and its companies are ill-prepared in the event of a real cyber war with targeted attacks on large companies. "We can't cope with that," says Kipker. Due to unclear responsibilities of the authorities and too few personnel in the IT sector, Germany is currently unable to act and deploy in the event of targeted cyber attacks.
Increased computer attacks in the form of hacker attacks, malware or bots are already causing expensive damage worldwide. This is already affecting Germany, where the Federal Office for Information Security (BSI), among others, is responsible for all relevant IT security aspects. The BSI recently issued a number of warnings and set the threat level to "orange", which the authority defines as "business-critical". Increases are the red and dark red levels, at which the impact of damage would be enormous and the infrastructure could collapse completely. Before the war, the threat level was still low.
BSI warns of Russian virus protection program
At the same time, the BSI warns against certain programs or software providers that are frequently used. These include possible security loopholes in the Russian company Kaspersky. The company's antivirus products have been trusted for many years and its products can be found on millions of German computers. The Russian provider is also heavily promoting its program in the start-up scene.
So far, the Kaspersky programs have been successful. However, the BSI warns that access to Kaspersky antivirus protection may now represent a security vulnerability. "Antivirus software, including the associated real-time cloud services, has extensive system authorizations and must maintain a permanent, encrypted and uncheckable connection to the manufacturer's servers (at least for updates)," it says on the official website.
Users should replace the software with alternative products - to the annoyance of Kaspersky, which rejected the claim. The company has no links to the Russian government. The company is working with the BSI to refute the concerns. In the IT company's view, the BSI's decision was politically motivated.
Protect data and schedule regular updates
In general, companies should take a closer look at which programs they use and how they protect their data, advises security expert Kipker. "It is important that the data backup is detached from the productive system and not in the running network," he says. Companies should not put off operating system updates, employees should not log in to every website and should adhere to known rules on the security of emails and data. Start-ups with innovative ideas in particular should pay attention to where and how they disclose information online. "It can also be advisable to take a close look at who you have networked with on LinkedIn," says Kipker. In today's world, it is important to have many contacts as an entrepreneur - but some could also be fake CEOs in order to observe entrepreneurs in their activities.
Especially when young companies develop new software or new services or handle confidential information, they are a potential target. "The capital of start-ups lies in their expertise," says Kipker. "Where there is something to be gained, someone will look," he says. This can cause considerable damage: "An attack like this threatens the entire existence of a company."
Those who do not protect their trade secrets technically enough may not be able to claim damages later. "Because then the court won't see them as a secret either," says Kipker.
He also advises against storing sensitive data in US cloud services. "Data protection is regulated very differently there," says Kipker. He recommends that companies use alternative solutions in the EU or in Germany.
Although large companies are currently the main target of hacker attacks, start-ups should also prepare for possible attacks. "Once malware is in circulation, even small companies are not spared," says Kipker. "Start-ups could become collateral damage in this cyber war."
Do not shut down systems after an attack
If a start-up experiences an attack, the first thing it should do is disconnect the entire network from the internet. "But don't shut down the systems immediately if data still needs to be backed up," says Kipker. This is also important to make it possible for forensic experts to determine how hackers proceed.
"Business owners should then contact the authorities or the state criminal investigation departments responsible for cyber security and initiate criminal prosecution," says Kipker. In addition, the management should inform all employees and check whether customers or third parties could be affected by the attack.
Newsletter
Startups, stories and stats from the German startup ecosystem straight to your inbox. Subscribe with 2 clicks. Noice.
LinkedIn ConnectFYI: English edition available
Hello my friend, have you been stranded on the German edition of Startbase? At least your browser tells us, that you do not speak German - so maybe you would like to switch to the English edition instead?
FYI: Deutsche Edition verfügbar
Hallo mein Freund, du befindest dich auf der Englischen Edition der Startbase und laut deinem Browser sprichst du eigentlich auch Deutsch. Magst du die Sprache wechseln?
