IT Security

In 2022, the degree of threat emanating from cyberspace was greater than ever before. Ransomware attacks can be noted as the main cause of the enormous damage: DDoS attacks increased by 42 per cent and the number of vulnerabilities in software rose by ten per cent.

The IT security situation, which was already tense, thus became even more acute. Due to digital transformation, the targets of attacks are continuously becoming more lucrative, given that more assets are available in digital form. More and more complex IT systems and infrastructures are not just increasing dependencies and the share of software, but also the number of connections between the IT systems. On top of that, a growing number of suppliers are also becoming involved. As a result, the attack surface is visibly increasing. Arising from this development, the criminal ecosystems are becoming all the more successful, meaning that the attackers’ methods are not only more intelligent, but can also be implemented on an automated basis.

All of these aspects make it abundantly clear as to how essential cybersecurity is for our digitalization, in order to be able to shape a secure and trustworthy future.

Digital identities

More and more services are shifting from the analogue to the digital world.

In order for users to be able to confidently use online services – regardless of whether they are provided by public or private providers – what is needed is a secure and Europe-wide standardised solution for authentication.

In spring 2022, the analyst firm techconsult surveyed approximately 300 citizens, 170 companies and 40 public authorities on behalf of eco in order to compile the study “Security & Digital Identities in a Digitalised World”. One of the study’s findings showed that 35 per cent of the citizens surveyed would like to have a central digital identity.

The advantages of digital identities for companies, public authorities and citizens are manifold: a well-functioning infrastructure for digital identities will increase the degree of digitalisation of many processes, significantly improve privacy protection, be of great economic relevance, and also create a high level of acceptance for the digital future.

Security Competence Group

“Digital Identities” was also one of the main topics of the Security CG in 2022. As such, the CG met in Cologne on the topic of “Security & Digital Identities in a Digitalised World”, having already organised a meeting on “Secure Software and Software Development” at it-sa.

The IT Security Survey – conducted last year by the Security Competence Group – shows that ransomware was once again seen as the biggest threat in 2022.
In the 2023 IT Security Survey, employee awareness and contingency planning were the top security measures, closely followed by the topics of cloud security and data encryption.

Anti-Abuse Competence Group

The Anti-Abuse CG is a closed working group which plays a particular role in serving the confidential exchange between hosters and ISPs. Within the framework of the topDNS initiative, the members of the CG developed a catalogue for the definition of abuse cases and participated in an EU Commission workshop to flesh out the topic of DNS abuse and to explain the terminology to the Commissions’ participants.

All in all, the working group made valuable contributions to the development of the German coalition agreement’s positions and to the Ransomware Initiative.

Active participation in commenting on the German coalition agreement

As part of a member workshop involving the Anti-Abuse Competence Group and the Security Competence Group, eco developed a statement on the specific positions of the German coalition agreement. The determination of the new German federal government to advance IT security and to call on it from business and public authorities is an important step towards strengthening digital security, and is also a great opportunity for both the industry and the European market.

Important signals include: a clear rejection of indiscriminate retention of traffic data, the requirement for strong encryption for all, a clear obligation to disclose or report security vulnerabilities, and the strengthening of the German Federal Office for Information Security (BSI) as a central body for IT security.

The points noted demonstrate the commitment to the following: to strengthen IT security; to make this a requirement in the design process of new devices, services and software projects; and to also promote it. In addition, this is accompanied by a strengthening of personal data protection.

Congresses and trade fairs

In 2022, eco was present at numerous events and trade fairs regarding IT security. In May 2022, for example, eco provided a presentation at the Cybersecurity Day of the Alliance for Cybersecurity, which finally took place again after a long break. eco also had representatives at the IT Security Day NRW in Siegen, the SEC-IT of Heise Verlag and the “Human Firewall Conference” in Cologne.

At it-sa – Europe’s largest trade fair for IT security – eco presented itself in 2022 with a joint stand and its (anti-)Ransomware Initiative. In this setting, Markus Schaffrin, Head of Member Services, held an expert talk together with the partners of the Ransomware Initiative, while the Security CG met on the topic of “Secure Software and Software Development”.

ISD 2022

From 29 to 30 September 2022, the Internet Security Days (ISD) returned to Phantasialand near Cologne: 31 presentations in four main topics attracted IT experts from all over Germany to discuss IT security challenges on site in Brühl, and helped to maintain old contacts and to cultivate new ones.

The extensive conference programme and the accompanying exhibition offered ample space for networking and exchanging experiences. With around 250 participants per day, the 12th Internet Security Days in Phantasialand Brühl were a complete success.

Ransomware Initiative

As the war in Ukraine continues, the cyber threat situation has intensified. In particular, companies and public authorities are affected by attacks with ransomware. According to the German Federal Office for Information Security (BSI), cybersecurity attacks of this kind are becoming the greatest IT security threat. This corresponds with the results of the eco Association’s annual IT Security Survey, as the respondents also considered ransomware to be 2022’s greatest threat. For this reason, eco launched the German “Ransomware Initiative”. Together with partners Microsoft, Rohde&Schwarz and Sophos, the defined goal is to raise awareness of how ransomware endangers companies and what measures can be taken against it. The Ransomware Initiative serves as a contact and information point for small and medium-sized enterprises and connects them with security authorities and partners from the IT security industry.

Prof. Dr. Norbert Pohlmann
eco Board Member for IT Security