Threat scenarios are changing as quickly and dynamically as the IT landscapes themselves. The situation is complex, which is why holistic cybersecurity strategies are needed to raise awareness of data security and data protection in the long term. […]
Ulrich Fleck has been dealing with IT security for over 20 years and has acquired extensive know-how in this area. As Managing Director of SEC Consult, a consulting company for cyber and application security that has been part of the Atos Group since January 2021, Fleck sees a problematic trend from a cybersecurity point of view, especially in the cloud environment: “Due to concentration tendencies on some cloud service providers, security incidents will have a much greater impact. In addition, our IT dependence is increasing with the degree of digitization and the use of smart systems. Information societies such as those in the Western world will be particularly badly affected by this.”
That is why Europe has been trying to ensure data sovereignty for several years, including with the Gaia-X initiative. The implementation of the Gaia-X standard, which is intended to ensure the sovereignty of the population and companies over their own data and business models, is currently gaining momentum and will make digital sovereignty a focus topic for IT security in the coming year.
Shortage of skilled workers means lack of security
An obvious problem for IT security is the widespread lack of specialist personnel. The shortage of skilled workers that has prevailed for years increasingly means that security technology is not deployed effectively and that awareness measures are implemented insufficiently or not at all. Implementing an effective emergency program after a successful attack also requires cybersecurity experts, who are currently few and far between. “This will cause the economy a lot of problems in the near future,” warns Fleck, “if countermeasures are not taken quickly.”
The SEC Consult Group is taking such countermeasures itself with a training program developed by SEC Consult Germany, which enables the company to train highly specialized experts to provide prevention, defense and education professionally and effectively in practical security work. The program, in which junior employees are qualified on the job by experienced employees according to precisely defined standards, will be made available throughout the group of companies and also at Atos in 2022.
Always and everywhere
That the weakest link in cybersecurity is probably the human being is not a new insight, but the digital penetration of our everyday life, for example through IoT devices, is opening up more and more gateways for cybercriminals. Ulrich Fleck: “Often the devices are not recognized as computers at all. As a result, users also lack the perception that there are critical vulnerabilities that can be easily exploited to penetrate entire networks via different devices.”
As supply chain attacks from the recent past have shown, the industry will therefore not be able to avoid professionalizing IT security much more from the very beginning. According to Fleck, in the near future cybersecurity will have to be a focus as early as software development. This is an area in which SEC Consult specialists have been conducting research for years within the framework of the Vulnerability Lab, and with this expertise they contribute to a higher quality of product development in terms of IT security.
In the production sector, the trend towards security-by-design will continue to intensify, so that targeted risk minimization measures based on threat models can be taken when designing a new application. “And also in software engineering, any attack vectors will have to be included in the system design from the outset,” adds the SEC Consult Managing Director. “So software providers will play an increasingly important role and user organizations and companies should take a particularly critical look at the software supply chain.”