Change of the security perspective

The programs of this fall’s lecture events were heavily influenced by the topics of “Digitization – Cyber Security – Implications for Corporate Security”. It is very clear that this topic area is seen as a very strong challenge for companies of all sizes.

The case of a massive cyber attack on the Pilz company has impressively shown how quickly these often theoretical discussions can become reality. According to the press, the company was the victim of a ransomware attack on Sunday, October 13. The company announced that it had become largely unfit for work.

Hackers had succeeded in attacking most of the company’s servers and encrypting the data on them. In response to the cyber attack, the Swabian company took all computer systems off the network and blocked access to the corporate network. Pilz called in the BSI and the public prosecutor’s office. A crisis management team was also set up.

On the fringes of a major event on October 16, 2019, the CEO of Pilz announced more detailed information about the cyber attack and its target. According to this, it was discovered on 13 October that the company’s server data could no longer be accessed. This was preceded by an attack with the aim of encrypting the data on the Pilz servers, which was achieved. According to Pilz, there were now extortionate demands. Apparently the attack was only about money. To the height of the amount the Pilz managing director did not make any statements. For him, however, it was clear that he would not pay any money for his own company data.

This specific case has once again shown how real the threat often perceived as abstract is. From the point of view of the uninvolved consultant, Pilz has solved this case excellently. Especially the crisis communication worked well. The public was regularly informed via various on- and offline channels.

From this dramatic case we learn how important it is to have a very good interaction between a crisis team and crisis communication. Open communication via all channels (here trade fair presence and social media) creates trust in the public and limits the damage to reputation. We also see how difficult it is to stabilize the complex system of such a company after a fundamental attack and to return it to normal operations. An educational example for many other companies.

It is becoming increasingly clear to us how important the topic of digital threats and the appropriate response in crisis and continuity management is for a consulting and IT company. With the merger between IB Götsch AG and Verismo, we have taken this development into account. With the certification of our information security management system according to ISO 27001, we have shown that we do not just talk about it to our customers, but also subject ourselves to such an important process. Although information security is only one, it is an important component in the security architecture of the company of the future.

These days you received our new seminar brochure by mail. Please take note of our extended seminar offer and get an overview of our training program on our new website. In our training center we offer excellent training opportunities.

We would like to discuss this topic with you in a direct conversation

Dr. jur. Klaus Bockslaff and Dr. ing. Mathias Götsch