Business Automatica
Processes & SecuritySecurityCloud

Threats from the Web

Not a week goes by without hacker attacks on companies. The BSI warns of an immense threat landscape. How can you effectively protect yourself against cybercriminals?

November 9, 2023
6 min read
Cyber threats and hacker attacks

For busy readers

  • Companies should keep an eye on five security issues: ransomware, data breaches, insider threats, zero-day exploits, and phishing/social engineering.
  • Ransomware affects over 70% of global companies. Germany is no exception. Companies are at the mercy of extortionists.
  • Effective protection does not differentiate between employees and external parties but focuses on situational permissions.
  • Cloud services and Software-as-a-Service require a rethink of security architecture. Firewalls, VPNs, and virus scanners are no longer enough. New security architectures provide the solution.

Tip to try out

What applies to a company also holds true in your private life. In addition to typical security measures to ward off cybercriminals, a backup strategy should also be implemented—even on your home PC or Mac. It is a positive trend that more and more software manufacturers are bundling functionalities. This is the case with Acronis. Their Acronis Cyber Protect Home Office (formerly Acronis True Image) integrates complete backup software as well as antivirus and ransomware protection—all for a double-digit annual fee.

The Big Five

Not a week goes by without medium-sized companies or corporations falling victim to hacker attacks. Not a week goes by without warnings about the immense threat landscape in Germany—most recently in the BSI Situation Report 2023. Not a week goes by without us countering criminal energy with our creative intelligence. Today, we want to take a closer look at the threats posed by cybercriminals. In what ways do they cause damage to a company?

Ransomware

By this, we mean malicious software that encrypts data (e.g., Word documents) or systems (e.g., ERP). The encryption is only lifted upon payment of a ransom to the criminal(s)—or sometimes not at all. Ransomware is at the top of the list of the most frequent threats worldwide. According to one survey, over 70 percent of companies globally have fallen victim to ransomware attacks. And the trend is rising!

Data Breaches

Data breaches are vulnerabilities, for example in publicly accessible internet servers or corporate portals, through which hackers gain access to company data. They usually move across multiple servers within the company until they encounter valuable data such as price lists, quotes, employee records, or financial information. They then sell this data at a high price to competitors or other beneficiaries. Data breaches can also occur due to incorrect software configuration, improper permission settings, or outdated, faulty software ("bugs"). Negligence in these areas is often the root cause of a data breach.

Insider Threats

It is hard to believe, but not every employee is loyal to their employer. In addition to well-paid "sleepers" and "spies," there are, of course, mishaps—a misdirected email, a lost USB stick, etc.—that cause a threat from within. Temporary workers, service providers—even customers—can be further sources of embezzled or unlawfully obtained trade secrets. This is why differentiating between internal and external parties is no longer effective today. Business partners are too closely intertwined.

Zero-Day Exploits

This refers to a vulnerability in software that is not yet known to the software manufacturer when it is exploited. The manufacturer then fights a race against time. The longer it takes to fix the vulnerability, the longer cybercriminals can usually exploit it unhindered. While companies can mitigate the danger and damage with competent help by making it harder for hackers to gain further access through additional protective measures, a manufacturer update is the only final solution.

Phishing and Social Engineering

Banks like to warn their customers about these threats on their homepages. Who doesn't know them: requests in the name of well-known large companies like PayPal or Amazon to unlock an allegedly blocked account by re-entering a password. Or the phone call from a friendly, supposed bank advisor asking you to quickly reveal the security code on your phone so they can prevent an account lockout. These fraud schemes are also common in companies. Since these cannot be fought solely through technical means but also through prudent behavioral training, raising staff awareness is worthwhile alongside well-thought-out IT measures. A healthy dose of skepticism is helpful.

Data protection - taken literally

What can help when a company finds it difficult to distinguish between friend and foe, while also being confronted with loopholes it cannot significantly influence or fix on its own? Focus your energy and resources on the company's data and applications!

We have already outlined the elements of a modern security stack for the cloud world. The focus of companies must shift from infrastructure to corporate data and applications. It is not notebooks, smartphones, home offices, or servers that need protecting; it is the data and applications on them. Does this mean turning off firewalls, VPNs, and anti-malware protection? By no means! However, the entire security architecture is changing.

Instead of point-in-time protection, as is the case with a firewall protecting a corporate network or anti-malware software protecting endpoints, the verification of "relationships" is used. Which endpoint is accessing which target from which network for what purpose? Example: A sales representative wants to download customer price lists from the company SharePoint to their private Dropbox from an internet café using their private iPad Pro. Do you want to allow that?

Modern cloud security makes exactly these kinds of decisions constantly. Every user action is checked for potential policy violations. Additional protective measures are used to contain the threats described above: endpoint protection, identity protection, dynamic access brokers for cloud and SaaS services like Microsoft 365, Salesforce, or ServiceNow, cloud firewalls, and a few others.

Effective steps

If you use software from the cloud or provide it; if you have mobile employees—think of home office, workation, work from anywhere; if you work with many service providers; or if you cannot rely on the absolute loyalty of your staff: rethink your cybersecurity architecture. Often, you can achieve a significant increase in security with a few well-thought-out measures, causing hackers and other criminals to move on to the next target. Combined with just-in-time automation of defensive measures, modern security solutions are an investment that can prevent massive damage.

Si vis pacem, bellum para—if you want peace, prepare for war.

Interested in our solutions?

Contact us for a free initial consultation.

Get in Touch

Related articles

Pillar article
Featured image for article: Process Automation: The Pragmatic ApproachRecommended
Processes & SecurityLow-CodeERP

Process Automation: The Pragmatic Approach

Process automation doesn't have to be complicated. Learn how to achieve big results with small steps.

June 20, 2024
3 min read
Business Automatica Team
Photorealistic image of a truck scale at a recycling center. A driver in a high-visibility vest stands next to his tipper truck and scans a weatherproof QR code on a sign at the scale house with his smartphone. In the background, roll-off containers, an excavator, and piles of material are visible; above them, a clear sky and a license plate recognition camera on a mast.
topics.industryProcess AutomationWaste Management

Container Services: Fully Digital Weighing Processes

Paper slips, phone calls, and WhatsApp photos slow down the weighbridge. A QR-based web app connects drivers, the yard, and the ERP in a single process.

April 17, 2026
10 min read
Business Automatica Team
Laptop with accounting software and digital icons for automation and digitization
Processes & SecurityDATEVPDF

Automating Accounting

Automating accounting with AI: Save time, reduce errors, and simplify financial processes through intelligent automation.

November 23, 2025
4 min read
Business Automatica Team
Digitalization of invoicing processes and E-Government symbolic image
Processes & SecurityLow-CodeCloud

Digital Dog Tax Registration

Digital dog tax registration as a transferable model for modern, efficient municipal administrative processes.

July 19, 2025
2 min read
Business Automatica Team
Illustration of a man at a laptop with icons for PDF, AI, and spreadsheets – automated PDF processing
Processes & SecurityPDFLow-Code

Automated Extraction of Certificate Data

AI-supported extraction of technical data from PDF certificates – precise, fast, and seamlessly integrated into your ERP systems.

June 2, 2025
4 min read
Business Automatica Team
Automation solutions for increased productivity in the company
Processes & SecurityLow-CodeERP

Automation Solutions - Simple Paths to Increased Productivity

Automation is not rocket science. With the right strategy, companies can save time, avoid errors, and create space for strategic tasks.

December 17, 2024
6 min read
Business Automatica Team