Security

The issue of security is of central importance to eco in order to strengthen trust in the Internet. In addition to various initiatives and services, a dedicated Competence Group deals with current security issues from an industry perspective. Another Competence Group, Anti-Abuse, is used for internal member dialogue on current anti-abuse issues.

Once a year, eco surveys its member companies as part of the “IT Security” study to assess the threat situation, evaluate current security issues and analyse trends. The topics covered range from personnel and organisational security to protecting IT systems, securing mobile communication technology, security management issues and raising employee awareness.

A strong defence is not only a prerequisite for success in football. For medium-sized companies, IT security must also be integrated into the overall concept of corporate IT to successfully ward off attacks. On 26 April 2023, the Borussia Dortmund football club was among those who reported on how this could be achieved. Experts shared their expertise and best practices with around 50 participants at the German-language “Dortmund Protected” event.

After the IT Security Study 2023 was finalised, on 3 March we presented its results and analysis at the “Dortmund Protected: ESET Security Day” at the BVB training ground.

The study was officially published by the association on 11 April under the title “eco IT Security Study 2023: Many companies still underestimate the threat situation”. Also in March, Michael Weirich compared the results of the 2023 study with those of previous years as part of an IT security talk for it-sa 365.

“Cybersecurity in the supply chain” and the “Software Bill of Materials (SBOM)” were the dominant topics at the first 2023 meeting of the Security Competence Group on 3 May, which was held as an online-only event. The EU’s new NIS2 Directive and the planned EU Cyber Resilience Act were also noted to require SBOMs. “Suppliers and users should familiarise themselves with SBOMs, as the provision of SBOMs will soon be required from suppliers in many market sectors. Users should already be demanding SBOMs from their suppliers, even if many providers are not yet in a position to provide them,” stated Oliver Dehning, Head of the Security Competence Group at the eco Association.

In today’s digital economy, the security of our supply chains is crucial for companies’ economic success. However, state-of-the-art supply chains are increasingly becoming the focus of attackers. The numerous interfaces and diverse systems offer multiple gateways for potential threats.

“The frequency and complexity of attacks on supply chains are likely to increase, as they are more effective and potentially more lucrative for attackers than other attack scenarios”, concluded the experts from the eco IT Security Competence Group at their German-language meeting on 22 November at the eco Kubus in Cologne. Here, they developed tips and strategies on how companies can protect themselves: “IT Supply Chain Security: eco Security Competence Group Develops 6 Tips”.

“Modern software supply chains are becoming more vulnerable to attacks,” said Matthias Riedel from SAP. He gave a global overview of the economic and social consequences of attacks. “Attackers are exploiting security gaps and the trust between customers and service providers to spread malware or infiltrate networks”, said Maik Wetzel from ESET in his presentation. Using prominent examples such as NotPetya, Kaseya and SolarWinds, Wetzel illustrated the far-reaching impact that attacks can have on the supply chain.

In 2023, eco was again represented with a joint stand at it-sa in Nuremberg. Together with our partners GlobalDots, NameShield, NorthC, and Plusserver, we were on hand to discuss current topics in the Internet industry with our visitors, and to present current projects and initiatives related to security and digital transformation.

Congresses and trade fairs

In 2023, eco was represented at numerous events and trade fairs relating to IT security.

Together with our co-exhibitors GlobalDots, Nameshield Germany, NorthC Datacenters Germany and plusserver, we provided comprehensive information on the topic of cybersecurity at it-sa 2023 and held many exciting discussions with visitors. Our Managing Director Alexander Rabe was also happy to welcome the Federal Office for Information Security (BSI) President Claudia Plattner to the eco joint stand.

ISD 2023

The motto for the 2023 Internet Security Days was “Backup for Tomorrow”. The event was divided into two parallel lecture series on four main topics: Achieving the State of the Art, Future Security, Digital Supply Chain Security and Connected Security.

The approximately 250 participants per event day were offered 40 exciting presentations and panel discussions as well as numerous opportunities for networking and in-depth discussions.


Anti-Abuse Competence Group

The first meeting of the Anti-Abuse Competence Group (CG) on 22 April 2023 focused on the topDNS initiative and the reasons for the Anti-Abuse CG to get involved. The topDNS initiative was launched to protect the interests of our members vis-à-vis politicians and counter the efforts of the content industry to shift anti-abuse handling entirely in the direction of hosts, telecoms companies and registrars.

A study on DNS abuse was carried out by representatives of the content industry together with ICANN, spelling out how most abuse categories were wrongly assigned to the DNS but were de facto “normal” abuse. The Competence Group sees it as its duty to provide politicians with information/data and statistics and to clarify terminology so that the interests of our members are safeguarded, and stricter regulation is averted.

During this time, a meeting was also held in Brussels with the EU Commission, in which Patrick Koetter, Head of the Anti-Abuse CG and an expert on the DNS (and DNS security), took part to clarify terminology and make recommendations for action with the Commission.

On 5 July, the Anti-Abuse CG met for its second meeting in Cologne. Oliver Dehning, Head of the Security Competence Group, was invited as an external guest to speak about the “Software Bill of Materials (SBOM)”, a topic that is also becoming increasingly important from a security perspective. After security incidents such as the supply chain attack on SolarWinds or the Log4j incident, the question inevitably arises: “Are we also impacted?” In his outlook, he presented some tools for managing and creating SBOMs and discussed possible use cases for a software bill of materials in the company. A brief explanation and tool overview were prepared by the Anti-Abuse CG following the meeting: “Briefly Explained: Software Bill of Materials (SBOM)”.

Winfried Kania, Anti-Abuse Engineer at IONOS Hosting Security, explained the measures IONOS uses internally to protect employees and the brands they represent from phishing and spam. He presented internal tools and processes to respond early to threats and support employees in reporting phishing against IONOS brands.

Ransomware Initiative

The eco member companies Microsoft, Rohde & Schwarz and Sophos AG explain on the German-language initiative website how ransomware jeopardises companies and what measures can be taken. The initiative published an explanatory video (in German) to raise awareness among companies about the dangers of ransomware.

At the Cybercrime Roadshow on 6 June 2023 at Sparkasse Essen, the Ransomware Initiative presented the “History of Ransomware”, starting with the first ransomware in 1989 and continuing until the latest developments after 2020.

The Ransomware Initiative serves as a contact and information centre for small and medium-sized enterprises and connects them with security authorities and partners from the IT security industry.