IGHTING CYBERCRIME

An Uphill Battle
BY TILL HOPPE
Small and mid-sized companies in Germany are especially hard-pressed to defend t
hemselves against cyber attacks, which are increasing in both size and scope. Ge
rman authorities and business leaders have a new plan to tackle the costly attac
ks.
read
de Maiziere computer-getty images
German Interior Minister Thomas de Maizire is looking for way to stop cybercrimin
als. Source: Getty Images
Government agencies and business representatives will unveil a joint strategy la
ter Tuesday to counter cyber-attacks and other forms of corporate espionage and
sabotage, based on a document seen by Handelsblatt.
Interior Minister Thomas de Maizire will present the results of a year-and-a-half
-long effort to help companies especially small and mid-sized enterprises preven
t industrial spying and theft.
The attacks cost German industry an estimated 50 billion ($56.3 billion) each yea
r.
The interior ministry has developed the National Economic Protection Strategy to
gether with the countrys domestic and foreign intelligence and police agencies, a
nd key business lobby groups including the Federation of German Industiries (BDI
) and the Association of German Chambers of Commerce and Industry (DIHK).
The plan points to an uphill battle to protect companies from cybercriminals. It
s main component, a web platform that will provide firms with advice on how to d
efend themselves against attacks, is still under construction.
The website, www.wirtschaftsschutz.info, will also provide information on where
companies can seek help in the event of a major security breach. Germanys intelli
gence agencies and federal police will also allow registered users to access a p
assword-protected area that keeps businesses updated on current threats, as well
as political unrest in key markets abroad.
69 percent of industrial companies in Germany have been victims of data cyberthe
ft or sabotage over the past two years.
BITKOM SURVEY
The goal, said DIHK president Eric Schweitzer, is to heighten security standards
in Germanys economy, especially for small and medium-sized businesses by raising a
wareness of the dangers of cyber attacks and offering help. Under the plan, mana
gers will be able to attend seminars to train them on how to bolster their compa
nies defenses against cybercrime and how to protect business-critical information
.
The head of Germanys domestic intelligence agency, Hans-Georg Maassen, is among t
hose who argue that smaller companies still often fail to recognize the threat o
f espionage and sabotage.
A new survey by the IT sector association Bitkom estimates that 69 percent of in
dustrial companies in Germany have been victims of data cybertheft or sabotage o
ver the past two years. The attacks cost companies about 22.4 billion each year w
ith damages across the broader economy estimated at 50 billion.

Many cybercriminals use ransomware that can burrow into a company computers hard
drive with a bogus job application, for example and encrypt its files. To regain
access to their data, firms are then forced to pay money to the hackers by tran
sferring funds in the form of the digital currency Bitcoin to an anonymous accou
nt.
According to an unreleased survey of some 600 companies by Germanys Federal Offic
e for Information Security, one in three businesses were hit by ransomware in th
e past six months.
In terms of quantity, but also quality, a lot is happening, said Ralf Benzmller, an
IT security specialist with G Data. His analysis shows cybercriminals attacking
a widening array of operating systems and devices. And the ransoms are growing
steeper, too, making businesses with deep coffers an attractive target.

26 p6 Targeted by Data Thieves cyber crime internet IT electronic espionage-01

Germanys current approach to cyberdefense, according to the joint report seen by
Handelsblatt, leaves plenty of room for improvement. It points to inadequate comm
unication and few clear points of contact with authorities. It also describes a t
angle of more than 100 different programs aimed at protecting companies, with mi
nimal cooperation between them. Moreover, according to the report, the governmen
t and businesses have failed to align their priorities on the cybersecurity fron
t, leaving them weak in the face of sophisticated cyber attacks.
To fix these problems, Mr. de Maizires predecessor at the interior ministry, HansPeter Friedrich, sat down with industry groups BDI and DIHK in the summer of 201
3. Some 70 experts were involved in regular consultations between German authori
ties and business representatives.
Both sides appear to be satisfied with the resulting plan. BDIs president, Ulrich
Grillo, called it a tremendous basis for further cooperation on a level playing
field.
Sources close to the interior ministry said the project succeeded in reconciling
a range of interests to forge a common approach, with concrete initiatives.
One expert said there were a number of sticking points for stakeholders to iron
out before the negotiations could progress. On the government side, agencies wra
ngled over who would deal with which type of crime, and at which point they woul
d share information with each other.
Lack of coordination between representatives on the business side posed similar
problems. BDI and DIHK withdrew from the Alliance for Security in Industry ASW i
n 2011, which had been the governments main contact point on matters of security.
Though each organization set up its own department to handle security questions
, representatives now say they cooperate on the issue.