“It’s getting uncomfortable out there,” summed up Dominik Engel, Head of the Center for Secure Energy Informatics at Salzburg University of Applied Sciences. At the Innovation Salzburg panel, Salzburg’s Governor Wilfried Haslauer, Alexander Wörndl-Aichriedler, Vice President of Global ICT at PALFINGER, and Stephanie Jakoubi, Founder of the sec4dev conference and Head of Strategic Partnership Management at SBA Research, discussed the situation under the moderation of Dominik Engel.
Cyberattacks happen every day, which is especially critical for public infrastructure, as seen recently in the example of the government of Carinthia, whose IT services were disrupted after an attack. The hacker group is demanding $5 million in ransom from the state of Carinthia.
Salzburg’s public infrastructure is also a daily target of cyber attacks. For example, the Salzburg AG experiences about 300 attempts per week to introduce viruses and Trojan horses, 600 phishing emails, and 10 emails with malware, according to Governor Wilfried Haslauer. “This is a permanent threat. There are two pillars to securing public infrastructure: firstly, being up to date in the technical field. Equally important is personal awareness in dealing with data – that is where most security problems arise.”
How employees become human firewalls
That there is still catching up to do was confirmed by Stephanie Jakoubi. “Everything is becoming more interconnected. This is not possible without security. You cannot network all systems without knowing the risks.” Ideally, security is already considered when software is developed – that is, security by design. In practice, however, it plays a subordinate role.
All panelists agreed that people play a central role. “People can be a vulnerability, but also a good firewall if they are well trained. I recommend sometimes showing a certain paranoia and not being naive,” said Stefanie Jakoubi. At PALFINGER, employees are trained and also tested. USB sticks are scattered in parking lots to see how they react.
Because every single person can contribute to making the company secure, not just the security experts. Alexander Wörndl-Aichriedler said, “We need a societal rethink for this. Currently, we are not resilient enough to resist hacker attacks.”
It can hit any company
Because he is certain that every company can and will be targeted by hacker attacks. “The question is not whether a company will be attacked, but when.” Even PALFINGER is targeted by hackers every day. “In 99.9 percent of cases, nothing happens. The dangerous attacks are those that make it through the protective mechanisms and then lie dormant in the system for several months before attacking.” Exactly that happened in January 2021. Access to accounts, merchant systems, and ERP systems no longer worked. How do you react to that? “You get an overview and try to restore the technical infrastructure, such as email and active directory functions, so that operations become capable of acting again. On average, this takes 23 days.”
How will Salzburg become more cyber-resilient?
Making Salzburg companies more cyber-resilient is both a technical and a sociological education. Special attention is paid to training skilled workers in Salzburg. “With the new school subject ‘Digital Basic Education’ from the 5th grade onwards, a foundation is laid to strengthen awareness of the topic. And with its own chair for cybersecurity at the new Faculty of Digital & Analytical Sciences (DAS) at the University of Salzburg, Salzburg aims to become a hotspot for cyber resilience,” said Governor Haslauer.