For a company of its size, MANN+HUMMEL has a particularly good IT security set-up, and our security measures are being constantly developed. We follow current security trends very closely, regularly attend trade fairs, and maintain close contact with our service providers. After all, IT security is like the race between the tortoise and the hare. It is essential that we continuously upgrade and regularly check our systems.
Like all other German companies, we are vulnerable to outside attacks. Anyone who claims to have never been attacked is labouring under a misconception; attempts are made to infiltrate our system structures every single day. Every month, we record several thousand attacks scattered throughout our system (this can be likened to someone trying their luck by knocking on a door to see if it is open).
There is one development that we consider very dangerous. The era of hackers being merely bored teenagers is no more. Today, it is an industry in which lots of money changes hands and information is treated as a commodity. Rather than attacking a whole system, the culprits home in on individual users.
Hackers use social networks to select a user and try to find out as much as they can about them, their preferences and hobbies. Considering how much we reveal to the online community these days, this can happen quicker than you might imagine. The hacker then attempts to ‘seduce’ their selected target, for example by sending a message that precisely matches the person’s interests, possibly even forging the email address of someone they know. For instance, the user receives a message from a friend: ‘Hey, you’re interested in cars, aren’t you? You have to check this out! Just click on the link.’ Naturally, the link does not lead to pictures of beautiful cars, but to a website containing malicious code. The user is hijacked and the hacker has access to their computer. Now imagine that this message is sent to the user’s company mailbox – in the blink of an eye, the hacker has access to the company’s system.
IT security taken seriously
After infiltrating a computer, the malware lies dormant for a while, waiting a few days before it begins sending information to the outside world. This is why, if our security precautions raise even the slightest suspicion, the relevant computer is immediately removed from the network and reinstalled. Speed is clearly of the essence here. If we discover something, we try to solve the problem within the next few hours, not the next few days.
This doesn’t scare me; it is the nature of day-to-day business and I know that we are well prepared. We know how these things work and we know our countermeasures. What’s more, if our users remember a few simple rules, then the risks will be minimal:
- Think before you click (check plausibility)
- If you’re unsure, give us a call (IT hotline)
We would much prefer a short phone call to several hours of work. We rely on our users to stay alert – the IT team can’t solve every problem.