Building Cybersecurity Awareness: Empowering Workforces to Tackle Cyberattacks and Threats
DUESSELDORF – 40 percent of industrial companies in Germany provide regular cybersecurity education and training for their employees, while 27 percent include cybersecurity rules and procedures in their employee handbooks and company policies. “That may sound substantial, but it ultimately shows that a large part of the industry is still not doing enough to protect itself from hackers,” says Jan Wendenburg, CEO of the Duesseldorf-based cybersecurity specialist ONEKEY. This insight comes from the ‘OT+IoT Cybersecurity Report 2024’ by ONEKEY, which concludes that the German economy continues to underestimate the risk of hacker attacks targeting machines, industrial control systems (Operational Technology, OT), and the Internet of Things (IoT).
According to the report, only 11 percent of the industry systematically trains employees to recognize threats from cybercriminals. “For instance, if a production line or packaging robot isn’t functioning properly, the machine operator should also consider the possibility of a hacker attack,” explains Jan Wendenburg. “Without proper training, this critical thinking won’t happen, and the presence of hackers is often only discovered after significant damage has already occurred.”
More Than a Third of Companies Uncertain About Cyber Resilience Checks
62 percent of the industrial companies surveyed conduct regular cybersecurity audits. Among these, 24 percent rely on external assessments, 18 percent conduct internal assessments, and 20 percent use a hybrid approach that combines internal and external audits.
“For more than a third of the industry, it seems unclear whether or to what extent a regular or even occasional audit of resilience to hacker attacks is carried out,” says Jan Wendenburg, surprised at the current approach to one of the greatest threats of our time. Almost a fifth (19 per cent) of respondents admit that they do not conduct any cyber security audits, either internally or externally.
The statistics of the Federal Criminal Police Office (BKA) list almost 135,000 officially reported cases of cybercrime last year and assume that 90 per cent of these are unreported. “That would correspond to more than 4,000 attacks a day,” warns the ONEKEY CEO. The German Federal Office for Information Security (BSI) wrote in its status report last year: “The threat from cybercrime is higher than ever before.”
Despite the threat situation, less than half of companies (46 per cent) are satisfied with the measures they have taken to protect themselves against cyber criminals, according to the survey. “It’s high time to act,” warns Jan Wendenburg. He explains: “A first step is to subject the software in all connected devices to a thorough check and uncover any vulnerabilities.”
Leveraging a Product Cybersecurity & Compliance Platform for Effective Audits
To address this, ONEKEY operates a Product Cybersecurity & Compliance Platform (PCCP) that thoroughly analyzes the software in industrial control systems and networked devices to identify security vulnerabilities. “Such an audit not only documents the current status but also provides specific recommendations for necessary improvements,” explains Jan Wendenburg. He adds, “From 2027, anyone launching a networked electronic product with known exploitable vulnerabilities on the EU market could face fines of up to EUR 15 million. Therefore, documenting security is crucial not only from a technical standpoint but also from a legal and financial perspective.”
In the first half of 2024 alone, the US National Institute of Standards and Technology (NIST) published around 15,000 “Common Vulnerabilities and Exposures” (CVEs for short), i.e. security gaps and vulnerabilities in software. “The challenge is huge,” says Jan Wendenburg, and explains: “This makes it all the more urgent to swiftly implement the measures necessary to improve cybersecurity in line with legal requirements. Audits and employee training play a key role in this. We recommend including this in the list of good intentions for 2025 – and then implementing them.”
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated Compliance Wizard™ already covers the EU Cyber Resilience Act (CRA) and requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.
Contact us: ONEKEY GmbH,
Kaiserswerther Str. 45, 40477 Duesseldorf, Germany,
Sara Fortmann, e-mail: sara.fortmann@onekey.com,
website: https://onekey.com