Better To Be On The Safe Side

2023 Author: Hannah Pearcy | [email protected]. Last modified: 2023-06-05 23:50

Hello, this is Christian. I am new and have just completed my first construction. The colleagues say you are the expert for this. Attached is my draft - can you just take a look over there?”A cyber attack could look something like this. Of course, the PDF in the appendix does not only contain a sketch, but rather malware that can spread in no time on your own computer and in the company's network. Criminal attacks on companies like this cause record damage in Germany. Sabotage, data theft or espionage causes a total loss of 102.9 billion euros per year to the German economy, according to a message from Bitkom.

Cyber attacks have many faces

The possible attack scenarios today go far beyond hacking, i.e. the use of vulnerabilities in the architecture of operating systems, CMS, PC software, servers and databases. The example described above is called spear phishing. Your own company or even an individual employee is specifically addressed. At first glance, this is a typical process in day-to-day business - with the difference that the appendix does not contain a scanned construction sketch, but was manipulated with malware. Behind social engineering is an interpersonal influence with the aim of inducing certain behaviors in people, for example to persuade them to disclose confidential information.

The USB Drop is also popular: Behind it is a found or gifted USB stick. The external data carrier was manipulated with malware, in some cases with which the connection to the affected work computer is sufficient to infect it.

Digitization complicates security

The threats are varied and should not be underestimated. Data security is therefore of central importance for all machine builders, especially when it comes to protecting intellectual property such as CAD data or construction plans. To make matters worse, three developments in the context of digitization currently have a direct impact on mechanical engineering:

• CAD data for individual components are available in heaps for download.
• In addition, the implementation of 3D designs is becoming easier and easier.
• Companies simply exchange design data over the web.

Both the increasing share of digital data in day-to-day business and the opening of the company through the Internet connection to the outside world mean that machine builders are faced with new tasks. Because the valuable know-how of German mechanical engineering is bundled in files on the work computers of the individual companies. These files sometimes contain the expert knowledge of a special machine builder or are essential for the timely implementation of a time-critical project.

Accordingly, the data must not fall into the wrong hands or be damaged by an external attack. Conversely, this means that high prioritization of data protection and data security for mechanical engineering must become a cornerstone of any future strategy.

The importance of data security is increasing

Konstruktionsspraxis wanted to know what this development means for the work of the designer and asked Lenovo and Dell. Mr. Michael Hausner, Business Manager Workstations at Lenovo, says that customers in the construction and development area attach great importance to data protection. "This is why they pay more attention to security mechanisms when making new purchases. In this customer segment, in particular, the implementation of security mechanisms is of central importance, because ideally all protective measures should run unnoticed in the background so that users do not have to deal with them in their everyday work," Hausner continues.

Protection of desktop workstations

However, it is still important to differentiate between stationary and mobile work. Because in the area of stationary workstations, according to Marcus Reuber, Product Manager Enduser Computing, Dell Technologies, most users limit themselves to the concept that has already been implemented and implemented by IT, simply because of the lack of necessary rights to the system, which in turn are part of the security concept. For many users, the security of stationary systems consists of domain authentication and decentralized data storage.

Virtual workstations offer high protection

"It is much more difficult when the notebook travels with sensitive data. Then the device should have specific security features such as hard disk encryption or pre-boot authentication," continues Reuber. Technologies such as biometric user authentication via Windows 10 Hello now also make it possible to implement the topic of access authorization and data security in a very user-friendly manner.

"Conceivable alternatives are decentralized access via VPN or even construction via WAN on a virtual workstation hosted in the data center," said Reuber. Because even if the notebook is lost or stolen, the data is protected because it is safely stored in the data center. But even without a data center in the background, in the event of theft or loss, the data can be deleted “at the push of a button”, provided the right service concept is used.

Dell's workstations offer these possibilities for data security

The workstations from Dell offer a variety of security options to meet the individual requirements of customers and the most varied of application scenarios. "These range from classic functions such as fingerprint sensors - with our Dell mouse MS819 with integrated fingerprint reader also an option for stationary workstations - or smart card readers to extensive software solutions, for example for data encryption and virus protection, to special managed devices Services offers, "explains Reuber.

Trusted devices are the secure foundation of the endpoints: Dell Trusted Devices protect customers from BIOS threats and ensure that end users can work safely. "In a further step, we look at the trustworthiness of the data." Here, our customers benefit from innovative threat protection and modern data security in order to protect companies and their sensitive data against cyber threats, "continues Reuber.

With Dell Technologies Unified Workspace, the company also offers a comprehensive solution for provisioning, securing, managing and supporting end user devices via the cloud.

Lenovo's workstations offer these possibilities for data security

According to Hausner, workstations from Lenovo offer a range of security functions that are largely freely configurable and can therefore be adapted to the needs of individual companies. This includes all possible measures such as RAID options, hard disk encryption and login using biometric data. However, the safest way to store data is externally, which is why fast additional network cards can be configured on all desktops.

In the field of mobile workstations, Lenovo also offers numerous security options under the 'Think-Shield' label, such as the Think Shutter, a mechanical slider that hides the webcam, or optional Privacy Guard options up to a self-healing BIOS that can be restored in the event of attacks or damage to protect users in all areas.

HP's workstations offer these possibilities when it comes to data security

HP also offers its customers extensive integrated security functions ex works:

• HP Sure Start Gen4 detects, protects and regenerates itself from BIOS attacks.
• HP Sure Run is hardware-based self-healing protection in the operating system.
• HP Sure Recover automatically restores the software image.
• Privacy protection via HP Sure View is just as standard as HP FIPS-certified and self-encrypting drives, which guarantee hardware-based full drive encryption.
• Sure Sense recognizes the "pests" on day "0" thanks to built-in AI

Data protection in the workplace

Data protection - what can I do, what can my boss do?

An overview of additional information on possible cyber threats

• Social engineering: Interpersonal influences with the aim of inducing certain behaviors in people, for example to persuade them to disclose confidential information. Illegal access to profiles in social networks form the basis for targeted attacks on individual companies. For example, the trick is popular that an attacker pretends to be an employee of an important customer's IT department via a fake e-mail sender. Due to an IT error, there was a data loss, combined with the request to make the construction data of the last three months available again.
• Spear Phishing: It is no coincidence that the name of this method is similar to "spearfishing": Ultimately, it describes the focus on a specific target. Translated to the technical context, this can be a manipulated email that contains a request typical of the industry. As a rule, the form is also correct, which clearly sets the phishing method, which is more complex for the attacker, apart from the usual spam messages. Your own company or even an individual employee is addressed correctly. At first glance, this is a typical process in day-to-day business - with the difference that the appendix does not contain a scanned construction sketch, but was manipulated with malware (malware).
• USB Drop: Behind it is a found or gifted USB stick. The external data carrier was manipulated with malware (malware), in some cases with which the connection to the affected work computer is sufficient to infect it. If the work computer is not infected during the initial connection due to insufficient security settings, this is the case at the latest via one of the manipulated files on the data medium.
• Ransomware: Also known as a blackmail Trojan. With these malicious programs, an intruder can prevent the computer owner's access to data, its use or the entire computer system. Once activated, the malware begins to encrypt all data on the computer, including documents, CAD projects and draft sketches. An individual ransom note is then automatically created based on the number of successfully encrypted files.
• Hacking: Hacking describes the use of vulnerabilities in the architecture of operating systems, CMS, PC software, servers and databases. These vulnerabilities are used to infiltrate malware or to gain access to a company network. This poses the risk of illegal marketplaces. On these, a lively trade is carried out with the knowledge of, in doubt, very lucrative points of attack.