The threat situations are becoming more and more massive. After repeated IT attacks on companies in recent months, two organizations have now been hit within a few days. At Medatixx, a company that sells software for German medical practices, central systems were encrypted using ransomware. Medatixx has called on doctors who use its computer programs to change their passwords. More than 20,000 practices with 40,000 doctors are affected in total. And on the night of November 7 to 8, the Media-Markt-Saturn retail group was hit by the "Hive" ransomware. This is said to have demanded a ransom of more than 240 million US dollars.

"Ransomware" is a term used to describe a type of malware that restricts or prevents access to data and systems. A ransom (English: ransom) is then demanded for release. Either such a malicious program blocks complete access to the system or it encrypts certain user data. Ransomware that targets Windows computers is particularly widespread. In principle, however, all systems can be attacked by ransomware," describes the German Federal Office for Information Security (BSI).

Phishing, on the other hand, refers to attempts to pass oneself off as a trustworthy communication partner in an electronic communication via fake websites, e-mails or short messages. Phishing is at the root of a wide variety of crimes, ranging from simple data theft and illegal account debits to attacks on critical infrastructures. In the past, for example, the BSI has also reported phishing attacks on European and U.S. energy providers, including nuclear power plant operators.

What are the implications for businesses?

The impact for companies is massive, as recent figures from the digital association Bitkom show. Theft, espionage and sabotage cause total damage of 223 billion euros to the German economy every year. This means that criminal attacks have once again caused record damage: the amount of damage is more than twice as high as in 2018/2019, when it was 103 billion euros per year. Nine out of ten companies (88 percent) were affected by attacks in 2020/2021. In 2018/2019, three-quarters (75 percent) were victims. There are now over 800 million variants of malware in circulation, with around 400,000 new ones added every day. And that's just the beginning. The damage caused by cybercrime is becoming increasingly expensive for companies and their insurers. That's the conclusion of an analysis by Allianz industrial insurance subsidiary AGCS, which evaluated 1736 cyber loss reports from 2015 to 2020. According to AGCS, the total damage was 660 million euros - and rising.

Can companies prevent cyber attacks?

Criminals are constantly developing new methods to enrich themselves online or to obtain sensitive data. Effective protection is difficult, because: The biggest security risk is often the company's own employees. Without realizing it, they can fall for the devious tricks of online fraudsters. The result is immense damage for the companies. For this reason, it is important to make employees aware of IT security.

Companies are therefore well advised to increase awareness among their employees. The core concept is awareness. The BSI writes: "In everyday dealings with IT systems, awareness is an elementary security measure. This means first of all that an awareness of the problem of cyber security must be created. Building on this, it is possible to achieve a change in behavior toward secure digital use. Security awareness measures are successful if they empower the target groups and motivate individuals to become more cyber secure. It's important to develop awareness at eye level and in a practical way."

Awareness therefore means that managers and employees must be sufficiently sensitized and trained to prepare themselves preventively for dangerous situations. Managers and employees must quickly recognize these risks and threats and respond to them professionally. This can only be achieved through the consistent and qualified training of members of an organization in cyber security.

Online courses as a component of good security awareness 

A tightened security situation worldwide, increasing technical networking and the dependencies associated with this for companies require special technical, management and action competencies. Business needs multifunctional security employees and managers who can perform a wide range of protective functions. This is also related to continuous training. Companies should therefore not shy away from taking up existing offers.

The aim of security awareness training is to minimize the dangers to IT security caused by employees. Therefore, security awareness training includes various training measures to sensitize employees of an organization to topics related to the security of IT systems.

But what constitutes good awareness? A successful and broad-based awareness campaign includes, among other things, regular online training on cyber and information security. After all, good awareness can only be established if the campaigns are carried out again and again. Helpful for successful security awareness is a change of perspective. Security awareness training works to sensitize people as a defensive shield against cyber attacks and to show how important employee:s are in defending against cyber attacks. According to the BSI, IT security is as good as the people who operate the systems!

How do online training courses have a real impact?

It is important to address employees with the right topics and professional and attractive storytelling. This facilitates access for employees across all hierarchical levels and ensures that the content is really understood and embedded. The focus is on high-quality audiovisual presentation and practical, interactive entertainment with didactic appeal. Education in 2021 is always entertainment, too! In this way, online training shows real impact through good and entertaining preparation of the topics. In this way, not only can complex knowledge be conveyed, but also every type of learner in a company can be addressed. E-learnings help as an introduction to the subject matter and can encourage employees to really recognize the importance of security awareness training and to adapt it for practical use.

Outlook: Are cyber attacks likely to increase?

Experts agree that cybercrime and related attacks will definitely increase. The perpetrator groups are becoming larger, more professional and more unscrupulous. We have to counter these developments. Burying our heads in the sand and relying on the fact that the attacks will pass is not a sustainable strategy. Significant assets may be threatened by inadequate economic protection. Therefore, executives and employees must be sufficiently sensitized and trained to prepare themselves preventively for danger situations, to recognize them quickly and to react professionally. Awareness training is therefore indispensable for establishing comprehensive security and safeguarding the future.