Private individuals and companies leave behind data in the digital world every single day, and we rely on the systems that manage this data to work properly. The digitalisation of data, for example having a detailed digital customer database, is now essential for most companies. It is the only viable method for efficiently organising information and sharing it within the company. This makes comprehensive data security absolutely essential. “Digital systems need to be constantly updated to ensure that security gaps are closed immediately. A hacker or malware program breaching one of these gaps can lead to sensitive data being stolen or a company’s IT systems being shut down”, explains Marc Etienne Cortesi, Chief Information Security Officer at Baloise. Regular data backups, the secure storage of these backups and effective employee training are key elements to guaranteeing information security within a company.
Casting a net in the digital ocean – a business risk that should be taken seriously
Patient records, credit card information, address data – at first glance, it might seem like it’s just large companies like hospitals, airlines and banks that are targeted by cybercriminals. But that’s not the case. “From SMEs to international corporations, any company can be the victim of a cyberattack. Cyberattacks are not always targeted. Think of them a bit like mass fishing: cybercriminals cast a huge net of malware into the digital ocean and fish out the companies that get stuck in the net – which might include a large airline or a small architectural office”, adds Marc Etienne Cortesi.
Encrypt and steal: data is a precious resource
If an attack is successful, hackers aim to generate large financial returns. In recent years, cybercriminals have been focusing on extorting money from companies, for example using ransomware , which encrypts a company’s servers and all of the digital data saved on them. This type of attack usually leads to a business interruption, as Marc Etienne Cortesi explains: “Let’s look at the previous example. If an architect or engineer is unable to access their digital construction plans, the whole project comes to a standstill. The effects of this are not limited to the affected SME – the project partners and customers also suffer.” Even if there is a functioning backup, restoring the IT infrastructure can take several weeks. In addition to ransomware, distributed denial of service (DDoS) attacks are also on the increase. These are mostly targeted at critical infrastructure operators.
Cybercriminals may also decide to steal a company’s data and then either demand a ransom from the company for their return or sell them to the highest bidder on the Dark Web. That’s why protecting data – a company’s intellectual property – is absolutely essential.