Discover Germany, Issue 55, October 2017




Stepping up security against IT risks

Cyberattacks and viruses are a risk every company has to deal with nowadays. Therefore, reliable information security and advanced risk management are essential. Since small- and medium-sized firms still have to learn how to implement and maintain defence solutions, secopan (Security Competence Partner Network) GmbH has made it its business to provide expert advice to these companies.

TEXT: NADINE CARSTENS  |  PHOTOS: SECOPAN GMBH

Damage to IT infrastructure, for example caused by hackers or a fire, can have severe consequences for a company, bringing entire business processes to a standstill. Therefore, it is absolutely necessary to have a proper information security management system (ISMS) that systematically and continually checks all information security risks. Small- and medium-sized firms in particular still have to learn to understand the problems of computer security. Therefore, secopan, established in 2009 and based in Leonberg, Baden-Württemberg, provides expert advice especially to such firms and offers pragmatic and economic solutions to implement advanced information security management systems according to the international standard ISO/IEC 27001.

“We try to identify to which risks the IT of a company might be susceptible and, as a result, could hinder usual business processes,” says Dr. Jörg Kümmerlen, founder of secopan. For example, if damage to the IT infrastructure affects imports, this leads to a shortage in the supply of certain products. “Our main task is to implement security practices and management systems that ensure long-term protection of business processes and assets.”

Protection in case of a security risk

A recent example shows how important it is to have a proper information security management system. In May this year, the malicious ransomware WannaCry made headline news for attacking computers around the globe, including Britain’s NHS and companies in Europe. The consequences were dramatic since, for example, the drug plans of cancer patients had been encrypted, and their therapies could not be continued as planned. “WannaCry exploited vulnerabilities in the system, but this could have been prevented,” Kümmerlen emphasises. “Therefore, it is necessary to prepare networks in a way that those system vulnerabilities are protected against threats.”

The Deutsche Bahn was a target as well. At numerous train stations, departure boards displayed a message demanding high payments for the key to decrypt files. Nevertheless, most train services did not stop completely because the coordinated attack did not affect the technical conductor systems due to Deutsche Bahn’s security management. “By implementing an information security management system, a company management also reduces the risk of being liable in cases like these, which is an enormous help,” says Kümmerlen. “If a company does now have a certified management