The digitization and connection of everything makes businesses increasingly vulnerable to cyber-attacks, the incidence and sophistication of which are increasing. To keep pace with developments, businesses are raising their investment in IT security and joining forces to combat cybercrime.
The 2014 hack of Sony Pictures Entertainment and last year’s infiltration of the German parliament’s computer system show that cyber-attacks can strike anytime, anywhere. Cybercrime has grave implications and costs the global economy about $450 billion a year, experts say. Intellectual property theft can delay technical progress and skew competitiveness. Moreover, falling victim to sabotage and hacktivism can significantly damage an organization’s reputation.
Security strategies and IT architecture need to meet ever-increasing requirements to monitor IT systems effectively and protect them from attack. Investment in cybersecurity is rising to match the demand. A study by the National Initiative for Information and Internet Safety says more than one-third of surveyed German businesses expect spending on IT security and data protection to double by 2020. It is no surprise that the cybersecurity market is booming.
Cybersecurity Ventures, a market research firm, expects the cybersecurity market to grow from $115 billion in 2019 to $210 billion in 2021.
BASF invests in extensive cybersecurity measures as part of a continuous drive to improve security. Bond Information Protection Extended Release (Viper) is a central element. The program has three goals in mind: to raise security awareness among employees, protect highly critical systems and information, such as research data, and improve overall security for systems throughout the organization. “Cybersecurity is a top priority for BASF. With our global network of IT security experts and programs such as Viper, we have taken action to mount an effective defense against cyber-attacks,” says Hans-Ulrich Engel, member of the Board of Executive Directors of BASF SE. “To keep pace with developments in the digital age and respond to the increasing threat to security, we must continuously strengthen defense mechanisms and constantly adapt our security concepts and solutions. Only then can we leverage the potential of digitization on the one hand and protect ourselves effectively against cyber-attacks on the other hand.”
Prof. Dr. Ir. H.J. Jansen, IT-SEC
BASF established a new cyber defense organization last year to prevent cyber-attacks more effectively and to minimize the impacts of potential attacks on business. The cross-functional organization – a kind of counter-cyber-espionage center – is composed of IT experts with a variety of specialist areas including cyber security operations, security strategy and architecture, security analytics as well as risk management, who work hand in hand to recognize and respond to attacks on BASF’s IT architecture as quickly as possible. “Rapid response is key in the struggle against cybercrime,” says Prof. Dr. Ir. Henk Jan Jansen, IT-SEC Security. “The longer an attack goes undiscovered, the more difficult it is to establish which systems are impacted and the more time the attacker has to harm the organization.”
Modern security techniques analyze and monitor the IT network to counter known threats and predict new ones. BASF’s Cyber Security Defense Team uses a threat intelligence platform, consisting of a monitoring and early warning system. The platform consolidates data from different sources and analyzes irregularities to enable early recognition and assessment of attack patterns as well as a timely and appropriate response. The intelligence obtained from data analysis helps to identify and pre-empt future cyber-attacks before they have a chance to wreak havoc. Not even the best protective measures are 100% successful, however. “We are well prepared for a worst-case scenario,” claims Prof. Dr. Ir. H.J. Jansen. “In the event of a security incident, our computer emergency response team will initiate the necessary steps immediately to minimize damage and keep operations going.”
Strategic alliances
Apart from close internal collaboration and bundling cyber-attack defense resources, BASF relies on strategic alliances with other businesses and organizations. In November 2014, seven DAX 30 companies – including BASF – set up their own Cyber Security Sharing and Analytics Center for this purpose. The objective is to share information and intelligence across industries, build up more expertise, as well as improve defense techniques and counterstrategies for a faster and more effective collective response to cybersecurity challenges.
BASF also teamed up with DAX companies Allianz, Bayer and Volkswagen in November 2015 in setting up a dedicated cybersecurity service provider: the German Cybersecurity Organization (DCSO). The hope is that close collaboration between industry and government experts will contribute to meaningful improvement of corporate security architectures. The organization bundles expertise, offers security audits, as well as provides new services and corporate security technologies that are not commercially available today in that form. DCSO collaborates closely with the Federal Ministry of the Interior and the Federal Office for Information Security in Germany. Apart from enabling the participating companies to protect themselves better, the collaboration via DCSO allows them to share IT infrastructures and reduce costs. “A security assessment needs to be conducted for every newly designed app,” says Prof. Dr. Ir. H.J. Jansen. “Each company has to pay the associated costs per app. DCSO conducts the process just once for all the organizations involved, which cuts the cost for the organizations.”
BASF collaborates with other industry leaders on the research end, too. An organization called the Digital Society Institute was set up with the support of BASF, Allianz and consultancy Ernst & Young (EY) at the European School of Management and Technology in Berlin in early 2016 to deliver information as well as develop analyses and strategies for the digital future. This scientifically autonomous research institute investigates issues to do with digitization, including cybersecurity, and promotes debate with stakeholders in business, industry, politics and society at large. The close connections benefit BASF’s talent management, too: “BASF security workers can attend the European School of Management and Technology and participate in our training program for continued professional development in areas including security analytics,” says Prof. Dr. Ir. H.J. Jansen.
Alongside partnerships and modern technologies, employee education and awareness are hugely important. Attacks target human weaknesses, not just deficiencies in system architectures. Social engineering is the top hacking method. The single most effective way to beat social engineering methods is appropriate employee conduct. “The best door and the safest locks won’t protect your home from invasion if you don’t close and lock the door. It is the same with our security systems. They only work in combination with appropriate behavior on the part of the individual,” comments Prof. Dr. Ir. H.J. Jansen, Corporate Security.
To heighten vigilance in the face of potential threats and raise employee awareness of the importance of proper information handling, Corporate Security and Information Services & Supply Chain Operations host a variety of programs and seminars, some of which were presented at the Global Safety Days 2016. More than 14,000 employees at 70 sites around the world had the opportunity to attend presentations and workshops on information security and cybersecurity. The activities on offer included an interactive obstacle course in Ludwigshafen, which invited participants to make their way through a series of learning activities on specific topics, such as password protection, and the chance to attend a live hacking demonstration. More information about the various global activities is available on the Be Secure Portal.
This article was published in the current issue of
The top five hacking methods
1. Social engineering
Attackers pretending to be legitimate sources, such as system administrators, bank employees, officials or suppliers, attempt to access devices or accounts with fake calls or phishing emails.
2. Account theft
“Hostile takeover” of a user account – known as account theft – allows hackers to move freely in corporate networks. The problem is particularly acute if the stolen private passwords are identical to the person’s work passwords.
3. Web-based attacks
The steadily increasing number of Internet apps offers a broad target. Hackers use manipulated apps to access the underlying databases and steal user data.
4. Device attacks
Hackers attack user devices instead of servers. A common trick is to send a link that, when clicked, lets the hacker access the user’s web browser. The attacker gains control over the device and access to the company server.
5. Safety loopholes in server software
Many servers now use standard software that comes with regular updates. If the supplier overlooks a gap in security, resourceful hackers will find their way in.
Possible telltale signs of a phishing email:
◾ Sender’s name and email content do not match
◾ Links to unknown websites
◾ Unsolicited request for sensitive information
◾ Unsolicited attachments and a request to click or update them
◾ Bad spelling and grammar
◾ Insistence on responding right away
◾ Links to orders, deliveries or unpaid invoices
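The telltale signs above, turned into a rough triage check, as an added example that is not part of the original article. `TRUSTED`, the keyword lists and both sample messages are constructed assumptions; spelling quality and whether a request was solicited are left to the human reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example.com"}  # assumed allow-list of the organisation's own domains
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
RULES = {  # assumed keyword lists, one per content-based sign in the list above
    "sensitive-request": re.compile(r"\b(password|pin|login details|card number)\b", re.I),
    "urgency": re.compile(r"\b(immediately|right away|urgent|within \d+ hours)\b", re.I),
    "order-or-invoice-lure": re.compile(r"\b(invoice|order|delivery|parcel)\b", re.I),
}

def base_domain(host):
    """Last two labels of a host name (a rough stand-in for the registrable domain)."""
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])

def phishing_signs(raw):
    """Return the set of telltale signs present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = base_domain(addr.rpartition("@")[2])
    signs, texts = set(), []
    for part in msg.walk():
        if part.get_filename():               # any attached file counts as a sign
            signs.add("attachment")
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            texts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(texts)
    # Display name uses a trusted brand, but the address is outside the allow-list.
    brands = {d.split(".")[0] for d in TRUSTED}
    if sender not in TRUSTED and any(b in name.lower() for b in brands):
        signs.add("sender-mismatch")
    links = {base_domain(urlparse(u).hostname) for u in URL.findall(body)}
    if links - TRUSTED:
        signs.add("unknown-link")
    for sign, pattern in RULES.items():
        if pattern.search(body) or pattern.search(msg.get("Subject", "")):
            signs.add(sign)
    return signs

# Constructed sample messages (not real mail).
PHISH = ("From: Example IT Helpdesk <helpdesk@examp1e-support.test>\n"
         "Subject: Urgent: unpaid invoice\n\n"
         "Confirm your password right away at http://login.examp1e-support.test/verify\n")
BENIGN = ("From: Jane Doe <jane.doe@example.com>\nSubject: Minutes\n\n"
          "Notes are at https://intranet.example.com/minutes\n")
```

A message that trips several signs at once is a candidate for reporting; a single sign, such as an attachment from a colleague, is usually not enough on its own.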
Dos and don’ts if you think security may have been breached:
If you have received what you believe to be a phishing email, please forward the email as an attachment to phishing@basf.com and then delete it. The email will be analyzed and any untrustworthy senders will be blocked. The Be Secure portal offers more information, video tutorials and behavioral tips about information protection and cybersecurity.
Protect yourself:
Use secure passwords
Always use secure passwords that include upper- and lower-case letters, numbers and special characters to increase the number of possible combinations. Change your passwords regularly and activate additional authentication factors such as the smart card. These days a lot of administrators are coming up with the most ridiculous password phrases, with at least 10 (QAdum`HLP-) up to 128 digits or even more, which is even more ridiculous. A password phrase consists of something a user can remember. Do you think I could remember this very secure 128-bit password myself: r<E)Lg'{‘4s7u.LN::KFSWaVL&]U!uY’d<HG\fDZ9Up)sQqayQx8^pbw<^’Unpuh~2P/Y9yfkL/B)>t}CPWn3XHES{.Vm[UbJ/(.Q}=RA3)aP][8zM”(]bdB@*$\2r;: even if I used it daily? For example, you could create a password with the maximum of 2048 characters, and it would look like this:
This really looks ridiculous, 2048 characters; please be my guest to count them. What do you think? Believe me, 8 is more than enough, despite what these administrators are saying; they are not living in a real world! In case you need to generate a great password, go to the following website: https://passwordsgenerator.net/
Classify information
Classify and label your business information so that it is handled securely by everyone involved. Share information strictly on a need-to-know basis.
Stick to authorized web services
Only use BASF-authorized web services, such as OneDrive for Business, for storing files or communications.
Check files and links before opening
Carefully check the source, links and files of any emails you receive to be safe from malware and fraudsters.
Only connect authorized devices with the network and use encryption
Do not connect any unknown, non-BASF-internal or private storage media (memory sticks, hard drives or similar) to the BASF infrastructure.