Data theft:

How to protect your company from espionage and sabotage

It was clear to me from the outset that only a holistic solution would really make sense.

Michael Mrugowski, Team Leader IT, schauinsland Reisen GmbH

In practice, the integrated system is of great benefit to everyone involved, as it saves them many clicks, time and journeys.

Lutz Berger, Head of IT, Stadtwerke Weimar

After almost 10 years of using ACMP, we are still convinced that we have a powerful solution for our client management.

Marc Andre Still, Head of IT / Building Technology, Sinn Spezialuhren

01.06.2023

Data theft: How to protect your company from espionage and sabotage

The risk of cyberattacks has increased since the coronavirus pandemic: The EY Data Theft Study 2021 shows that companies are becoming increasingly aware of the digital threats they are exposed to and that comprehensive protection mechanisms are needed to reliably protect data. 63% of the study participants surveyed already consider the risk of becoming the target of cyberattacks to be high. Find out why data theft is worthwhile for hackers and how companies can protect themselves against unauthorised access.

What is data theft?

The term data theft describes access to secret and sensitive data from companies, organisations or private individuals using illegal methods. Cyber criminals use various methods to steal confidential content and use it for their own purposes. The effects of data theft can cause far-reaching damage to companies: For example, a hacker attack on a well-known e-bike manufacturer in January this year led to a complete shutdown of operations for several weeks and the company ultimately had to file for insolvency. It is therefore important to take early and continuous security measures to protect against data theft.

This is how cyber criminals steal data

Criminals use a variety of methods to steal confidential information and sensitive data. They often rely on common approaches such as data leaks, phishing, malware, keyloggers or social engineering.

Data leak: security gaps in the system

Data leaks can occur in different ways, for example due to faulty software or external influences on a system landscape - such as a cyberattack. Data in systems that are actually protected can be accessed via the resulting security gaps, regardless of whether they are self-inflicted or externally caused. Cyber criminals can then use this for their own purposes.

Phishing: from classic email to WhatsApp

Phishing is a well-known but still very popular method. It involves sending emails, text messages (the appropriate term for this is smishing) or WhatsApp messages that are disguised as legitimate and encourage the recipient to click on a link. In this way, the attackers attempt to elicit personal login details or information from the recipients. For example, a phishing message may contain information about an alleged hacker attack that requires the user name and password to be re-entered. If those affected follow this request, attackers can easily inject spyware or other malware into the computer system. Data can thus be sabotaged or business processes spied on.

Malware: Harmful spyware

Malware is the umbrella term for various types of malicious software. These include viruses, Trojans, ransomware and spyware that spy on and pass on company information, causing major damage to company networks. The number of ransomware attacks in Europe in particular is set to rise, according to the Mandiant Cyber Security Forecast 2023 the number of ransomware attacks in Europe in particular will increase enormously in the coming year, resulting in even more victims of data theft.

Keylogger: Interception of input data

Keyloggers are a particularly sophisticated type of malware, as the software is able to record keystrokes on digital end devices. If users enter their personal login details or send messages containing confidential information, the keylogger records them and makes the content visible to cyber criminals.

Social engineering: manipulation of employees

In order to gain access to protected data such as user names and passwords, the fraudsters first establish an apparent relationship of trust with the victims. This increases the likelihood that sensitive information will be entrusted to them. In social engineering attacks on companies, for example, they ask about the management's attendance times, which employees are authorised to make transfers or which business activities are currently pending. To protect themselves, it is important that employees are alert to such requests, ask questions and do not allow themselves to be intimidated.

Data theft: these are the current scams

It is not only companies that are benefiting from increasing digitalisation and the associated technological possibilities. Cyber criminals are developing ever more sophisticated methods and scams to obtain information. With the so-called MFA fatigue tactic, for example, it is possible to crack multi-factor authentication (MFA). To do this, the attackers must first obtain the user's username and password. They usually use social engineering tactics and overwhelm the victims with password requests until they reveal their data. The hackers then log in with the data, whereupon an authentication request is sent to the user.

In everyday life and due to the previous flood of requests, they often tend to confirm the request - and the hacker attack was successful. Recognising such attacks is simple in principle: if the user data was entered in a login portal not moments before, the authentication request is often not genuine. But in everyday life, people quickly become unaware of why this tactic is so successful. Companies should therefore take precautions for such cases and also sensitise their employees to the issue of data theft and point out current scams.

Why data theft is so dangerous

The consequences of data theft can be devastating. Identity theft, blackmail attempts and loss of trust are a long-term problem for companies. If sensitive customer data is lost, published or used for spam, companies lose their good reputation. In the case of company secrets that should not be made public, hackers often attempt to blackmail them. If the data theft is self-inflicted, for example if security measures are neglected, companies are liable to prosecution and must expect high fines. According to the data theft study by the auditing and consulting firm EY 44% of the companies surveyed had concrete evidence of cyberattacks in 2020. Almost all of the companies surveyed (99%) expect hacker attacks to increase in the future. It is therefore becoming increasingly important to invest in data security.

4 tips to protect against data theft

No matter how well trained employees and managers are, mistakes happen from time to time wherever work is carried out. This is why it is important to take measures to increase IT security.

1st tip: Use multi-factor authentication

Multi-factor authentication is still one of the first and simplest measures that companies should take. Used correctly, an MFA secures access to company data better than a simple user name and password. In general, every authentication request should be taken seriously and checked before it is confirmed. Strong passwords are also required, consisting of a combination of upper and lower case letters as well as special characters and numbers.

2nd tip: Rely on a comprehensive client management platform

Reliable IT solutions are required in order to have an all-round overview of your own infrastructure and to control it centrally. Client management platforms such as ACMP offer options for customised configuration and can therefore be adapted to specific requirements. Administrative tasks that take up a lot of time and resources on a day-to-day basis can be organised simply and (partially) automatically using a wide range of modules. These include, for example, simple operating system installation, integrated Windows update management, inventory and patch and vulnerability management. Additional tools such as the ACMP Security Detective also enable continuous monitoring and status checks of the firewall, virus and spyware protection. If new vulnerabilities arise, they can be recognised and averted immediately.

3rd tip: Pay attention to current standards when encrypting data

The encryption of operating systems and drives, and therefore of data, is another core element of protection against data theft. The encryption process is based on two important cornerstones: The key, which is used to make data and messages unrecognisable, and the rule to which the key must conform. The well-known symmetric encryption standards include Advanced Encryption Standard (AES) and Triple DES. AES is currently one of the most secure standards and is used by companies and governments worldwide. Triple DES differs only slightly from AES in terms of structure and function and offers a similarly high level of protection. Extensions such as ACMP BitLocker Management offer additional functions with which a high level of encryption protection can be achieved. These include the automated starting and stopping of encryption and status queries for encryption protection devices.

4th tip: Run virus scanners on all clients

Regular virus scans are useful for identifying risks at an early stage and removing harmful programmes as quickly as possible. With ACMP Defender Management, IT administrators can monitor and manage all clients and servers from a central interface, without having to use additional antivirus solutions. Critical IT infrastructures in particular can be optimally administered in this way, as all the necessary components are operated on site.

Conclusion

Cyberattacks and data theft can pose serious problems for companies. Cyber criminals are constantly finding new ways to penetrate protected software architectures and access sensitive and protected data. For this reason, security precautions must be constantly reviewed and adapted to prevent attacks and data theft. With modern technologies, up-to-date standards and a holistic IT solution, Aagon is a strong partner when it comes to IT security.

Do you want to extend the management functions of Microsoft BitLocker to have an optimum overview of your IT and thus protect your company from sabotage, espionage and data theft? Then let's talk - we'll be happy to answer any questions you may have! Get in touch with us here.