Once attackers get inside a company’s system, they can, in a worst case scenario, do what they want: anything from stealing and manipulating data to sabotage. TÜV Rheinland quotes US research institute Ponemon as saying that it takes companies on average a year to detect and deal with threats. Although most companies are aware of the danger and have safeguards such as firewalls in place, hackers usually succeed in infiltrating systems via two loopholes: gaps in the infrastructure, often devices in the Internet of Things (IoT), and fake e-mails to employees whose e-mail addresses have been illicitly acquired. Security experts recommend, among other measures, permanently monitoring all networked devices in the company and training employees in ‘hacking seminars’.
In 2018, the German Association for Electrical, Electronic & Information Technologies (VDE) warned that industry needed to better protect their networked production from cyberattacks. A survey it conducted identified intrusions via remote maintenance access, inadequately protected network components, and control components connected to the Internet as the greatest threats.