What an exciting first day at this year’s KRITIS Praxis Forum: Our workshop on “Incident Response” met with tremendous interest from the participants and led to lively discussions afterwards. The audience was astonished when the two security experts from SECUINFRA, Evgen Blohm and Marius Genheimer, explained how the Industroyer2 malware was used to launch a large-scale hacker attack on Ukraine’s energy suppliers last year. This example illustrates very well the many challenges that German companies also have to face in the face of an increasing number of cyberattacks. These are particularly high for operators of critical infrastructure. After all, it is important to detect attacks on their productive systems as early as possible and to take suitable countermeasures quickly. Of course, it would be best if there were never a security incident due to cyberattacks. It was clear to all participants that this unfortunately cannot be ruled out one hundred percent. However, there was a great deal of disagreement about how companies in the water and energy supply sectors or public transport and other municipal companies should protect themselves in concrete terms.
So it was only fitting that Evgen Blohm and Marius Genheimer took a look at the options for KRITIS companies. For example, they showed how critical infrastructure operators can secure their OT environment and provided some best practice recommendations. One of the main problems here is how to efficiently implement a 24/7 service. Smaller companies in particular often do not have the capacity for this. It is therefore only too understandable that they look for a strong external partner. We are of course delighted when SECUINFRA is chosen, and I think that our MDR (Managed Detection & Response) service for KRITIS companies, especially in combination with “KRITIS Defender” from Ausecus, is a good solution. In this respect, it was very convenient for the participants that our workshop took place directly after the KRITIS Defender User Group session by Jochen Haaf and Sascha Jäger. There, too, the interest was huge and the discussions extremely lively. We are therefore very excited about today. We will continue at 11 a.m. with our presentation: “Extortion without Ransomware”, in which the security specialists from SECUINFRA will present the Threat Actor “BianLian” and show how we proceeded with this incident.