Hackers, data theft, cybercrime: IT security in focus
Attack from the net: recognizing and preventing cyber attacks
01.11.2025
The files and documents on the group drive are no longer accessible. At first, the employee thinks it's a minor IT problem. But a little later it becomes clear: the company has been hacked. The point of entry? A long-forgotten admin account with a weak password. Scenes like this are not the stuff of movies but real-life scenarios in many companies. Cyber attacks are on the rise, affecting SMEs and small companies as well as large corporations and turning entire business processes upside down from one minute to the next. The key question: how can you protect yourself effectively, and how do you react in an emergency? Silke Lilienberger-Hauke, Managing Director of secudor GmbH, describes a real attack, explains the most important preventive measures and gives tips on how companies and their employees can arm themselves against cybercrime today.
Is such a criminal hacker attack actually conceivable in practice?
Silke Lilienberger-Hauke: Yes, we actually had a similar incident in May. This made it clear how important internal IT management actually is. This company had unauthorized access to its systems from outside. The entry point was an old administrator account that had been accidentally reactivated during an earlier software migration. The account had a weak password that had never been updated. Therefore, the attacker naturally had an easy game using a brute force method. This gave the hacker complete access to the system.
What exactly is brute force?
Silke Lilienberger-Hauke: Brute force is a simple but computationally intensive method of cracking a password by trying out all possible solutions.
How did this unnoticed access come to light in this case?
Silke Lilienberger-Hauke: It was actually noticed by an employee who no longer had access to the group drive in the morning. He then picked up the phone and asked whether it was an IT problem. But it wasn't a minor IT problem. We were able to follow up on this tip by checking the system files and system logs and thus establish that there had been an intrusion into the systems.
How did the company react to this?
Silke Lilienberger-Hauke: The response was immediate because the company had an emergency plan. This emergency plan was also regularly adapted to the relevant circumstances. It was practiced and also trained with the employees. The second step was to call in an external forensics service provider, who immediately blocked all access via the firewall, took everything off the network and changed all passwords. And the aforementioned administrator access was secured and deactivated. Only then was it possible to search the servers and systems intensively for traces and quickly identify what data had been leaked and possibly copied. In this case, employee data was also leaked. According to the GDPR, this must be reported within 72 hours.
Are there standardized emergency plans? Are there certain guidelines that must be adhered to or is it individual for each company?
Silke Lilienberger-Hauke: It is very individual for companies, as each company has its own circumstances to which everything has to be adapted. Of course, the decision also depends on the company's risk appetite and budget.
How do you as secudor GmbH support companies in such cases?
Silke Lilienberger-Hauke: We have two work packages for our customers. In the first work package, preventive measures are taken. You can have the cyber risk check carried out in accordance with DIN SPEC 27076 (BSI), and you can also get support in the aforementioned emergency management. This is not purely IT-related, but process-related. This in turn means that in the event of a cyber attack, if everything is actually taken offline, it should also be possible to return to normal business operations quickly.
These were preventative measures. Are there also reactive measures that affected companies can take?
Silke Lilienberger-Hauke: Yes, that is the second work package. You can or must respond reactively to something like this. We can of course provide support after a cyberattack. For small companies in particular, which do not have as much expertise in this area, it is very important to support IT, to report to the authorities and to provide forensic experts.
What are the three most important measures or tips for companies to ensure that they do not fall victim to an attack?
Silke Lilienberger-Hauke: First of all, you should disconnect all devices from the network and document the incident as well as possible, including with time stamps. Before that, you need to convene the crisis team and carry out the reporting obligation under the GDPR if personal data is affected. It is also very important to inform the police. Ideally the LKA or the central contact point for cybercrime.
Is there a type of cyber insurance that a company can take out? And if so, what do you need to bear in mind?
Silke Lilienberger-Hauke: Cyber insurance is indeed very fashionable at the moment due to the current threat situation. But you have to read the small print very carefully to find out what is really covered. For example, it should be clear what happens if incorrect information is provided about IT security measures that have been implemented. For example, if the service provider fails or the attacker gains access to the system landscape due to a missing security update. These are all issues that really need to be checked very carefully, because they also affect the insurance premium, of course.
What specific tips do you have for employees?
Silke Lilienberger-Hauke: At employee level, you definitely need to train the entire team on how to keep themselves secure in both a private and professional context. Recognizing phishing emails quickly and paying attention to IT security in general are important here, for example. And training should also be provided to ensure that the aforementioned emergency management really takes effect in the event of damage.
Is there a security tip that you personally have not paid enough attention to for a long time?
Silke Lilienberger-Hauke: Absolutely. There is one tip that I myself underestimated for a long time: two-factor authentication. I now use this wherever possible. Both privately and professionally. It provides good basic protection.
What tips would you give companies for the future of cybersecurity and cybercrime?
Silke Lilienberger-Hauke: Cybersecurity is definitely a matter for the boss. It shouldn't be dismissed and only delegated to the IT management, but actually focused on. Authorities can provide important tips, but they are basically powerless against attacks that take place in their own company. The topic of cybercrime has definitely arrived in Germany, it is no longer a topic for the future. Attacks are happening: everywhere and every day. Unfortunately, no one is safe from them. Attacks can go unnoticed ten times, but the eleventh time could be successful. Those who are prepared can limit the damage or, in the best case, prevent it altogether.
If a cyber attack were a movie: would it be a thriller, a horror movie or a tragicomedy?
Silke Lilienberger-Hauke: It all depends on how successful the hacker was. In principle, all three movie genres can apply. The case mentioned at the beginning would definitely be a thriller. For IT, it's sheer horror not knowing what to do at first. And whether it becomes a tragic comedy depends on how well the company is set up and whether you end up laughing about victory or crying about defeat.
The interview was conducted by Dr. Tanja Jovanovic, Member of the Management Board, Bayern Innovativ GmbH, Nuremberg.