IT security is changing with the times
It is a declared political goal that Germany's digital infrastructures should be among the safest in the world. The IT Security Act (IT-Sicherheitsgesetz), which came into force in July 2015, is intended to serve as the blueprint for this and to secure Germany a leading position in the defence against digital threats. The Federal Office for Information Security (BSI), which is also responsible for ISO 27001 certification on the basis of IT-Grundschutz (the IT Baseline Protection Catalogues), has been setting the course here. At the European level, the threat is addressed by the Directive on Network and Information Security (NIS Directive), the counterpart to the German IT Security Act. By strengthening resilience to Internet-borne risks across the EU, the room for manoeuvre of such criminal actors is to be further restricted.
Hazards and risks
This legislation must be seen as a reaction to a hazard that could not be more concrete: the Federal Criminal Police Office (BKA) has estimated the number of digital attacks on German companies at 300,000 a day. According to the Federal Office for the Protection of the Constitution, the federal government's networks are targeted over a million times a year by financially motivated hackers, by politically motivated "hacktivists" and, of course, by intelligence services. The BKA has been warning for years about the theft of data on the Internet, in the private sphere as well as in the corporate environment. Stolen data in the form of security-critical corporate internals is regularly used as leverage for blackmail.
Vulnerability of passwords
With the rapid pace of digitalisation, the topic of password security in particular is receiving more and more attention. Passwords that were still considered reasonably safe five years ago have to be re-evaluated in light of technical progress, above all the growth in the number of guesses an attacker can try per second. Only randomly generated passwords with a sufficient number of characters can really defuse this problem. It is also important to ensure that these passwords are changed at predefined intervals.
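To make the "sufficient number of characters" claim concrete, the following added example (not code from the original text or from MATESO) quantifies what a random password buys you. It computes the entropy of a uniformly random password over a given alphabet, the expected brute-force time at an assumed offline guess rate, the minimum length needed to reach a target entropy, and generates such a password with the `secrets` module. The guess rate of 10^11 per second is an assumption chosen to stand in for an attacker with GPU hardware against a fast hash; adjust it to your own threat model.

```python
import math
import secrets
import string

# Assumed attacker capability (constructed figure, not from the text): guesses per
# second against an unsalted fast hash on commodity GPU hardware. Slow password
# hashing (e.g. a memory-hard KDF) lowers this by many orders of magnitude.
GUESSES_PER_SECOND = 1e11

# Alphabet a password safe would typically use for generated passwords.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password drawn uniformly at random: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Expected time for exhaustive search; on average half the keyspace is searched."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def minimum_length(alphabet_size: int, target_bits: float) -> int:
    """Smallest length whose uniformly random passwords reach target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length: int, alphabet: str = FULL_ALPHABET) -> str:
    """Uniformly random password using the CSPRNG behind the secrets module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def describe(label: str, alphabet_size: int, length: int) -> str:
    bits = entropy_bits(alphabet_size, length)
    seconds = expected_crack_seconds(bits)
    years = seconds / (365.25 * 24 * 3600)
    return f"{label:32s} {bits:6.1f} bits  ~{years:.3g} years to brute-force"


if __name__ == "__main__":
    # Constructed comparison rows: a 6-digit PIN, an 8-character and a 20-character
    # random password over the 94-symbol alphabet.
    print(describe("6 digits", 10, 6))
    print(describe("8 random printable ASCII", 94, 8))
    print(describe("20 random printable ASCII", 94, 20))
    need = minimum_length(94, 128)
    print(f"Length needed for 128 bits over 94 symbols: {need}")
    print("Example generated password:", generate_password(need))
```

Note that these figures apply only to passwords that are actually uniformly random; a human-chosen password of the same length has far less entropy because attackers try dictionary words, keyboard patterns and leaked passwords first, which is exactly why the text favours generated passwords that the user never has to remember.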
The solutions of the MATESO Password Safe
The safest passwords are still those that can be hidden from users entirely. Automatic entry lets users work efficiently without ever knowing their passwords. Using the latest password reset methods, these credentials can also be reset automatically at intervals as short as required. There are also security mechanisms that tie access to systems to approval by users with the required permissions, following the four-eyes principle. All of these routines are backed by strong encryption. Regular penetration tests by independent experts check the software specifically for weaknesses in its architecture as well as for the correct use of state-of-the-art cryptographic techniques. Conclusion: human error in the handling of passwords must be reduced to a minimum by technically enforced rules and workflows. Christian Strobel, COO of MATESO GmbH: