
Resilience for the Future

A Successful Cybersecurity Event: Knowledge, Exchange, and Practical Insights for Companies

A Successful Evening Filled with Insights

It was a great pleasure to welcome numerous guests to our latest cybersecurity event, hosted in collaboration with the LKA (State Criminal Police Office). Right from the reception, the breadth of interest was evident: representatives from a wide range of companies, IT specialists, and decision-makers from SMEs and the skilled trades sector all engaged in lively conversation. One thing was palpable: Digital security has become a top priority for leadership—and it affects organizations of all sizes.

Current Situation and Practical Insights: Focus on the LKA and Police Work

Volker Peters from the LKA provided a concise yet very personal introduction. Easily recognizable as part of the cyber police force in his blue polo shirt, he has been a direct point of contact for the economy in Lower Saxony for years. He impressively highlighted just how high the pressure on companies has become:

In 2024, the economic damage caused by cybercrime amounted to a staggering 266.6 billion euros. He reported specifically on cases in the north, such as a biogas plant and a beverage distributor, which were targeted right here in the region.

He also highlighted a study by the digital association Bitkom, showing that seven out of ten companies today fear both digital and analog attacks—including the theft of documents, eavesdropping on meetings, or even the theft of machines and components. According to the police, this hybrid threat landscape has long been part of everyday life:

"Anything that deviates from normal operations can be a sign that someone is hiding in your network." – Peters’ clear statement.

The clearance rate is also alarming: it stands at only about 30 percent. In 2023, only 43,242 of the 134,407 registered cases were solved. In most cases, the perpetrators come from organized crime (61%)—the often-cited "Underground Economy." Here, various tasks for an attack are literally advertised and rewarded with salaries, vacations, or bonuses, just like in traditional companies. "Lone wolf" hackers have become rare. Even more challenging: As professionalization advances, perpetrators operate with international coordination—45 percent of attacks originate from China, 39 percent from Russia, increasingly on behalf of foreign authorities.

Another brazen tactic involves so-called "disposable agents": unsuspecting people are recruited on social networks for one-off jobs—whether to steer drones for espionage or to divulge information as insiders. Sometimes, publicly available information is enough to prepare effective phishing campaigns or targeted social engineering attacks.

In all of this, one must not forget: Many cybercrime offenses are legally still classified only as misdemeanors (Vergehen). Only extortion turns the case into a felony (Verbrechen), which allows the police and judiciary to use different tools, such as house searches.

Police Tip: Take every unexpected deviation from standard operations seriously! Instruct your employees never to send sensitive data via insecure channels. And: Every suspicious message or email can be forwarded anonymously to the central contact point for cybercrime—the LKA's "Trojan inbox" is open for this purpose.

The better the protection, the lower the probability of occurrence and the lower the damage.

Highly Current Requirements: NIS2 and the Cyber Resilience Act – What Companies Must Do Now

In the second part of the evening, Janis Kinast, our in-house cybersecurity expert and frequent speaker at our events, demonstrated the new requirements arising from European legislation.

Since October 2024, the NIS2 Directive has obliged larger companies and companies in critical sectors to implement more cybersecurity measures. These include regular risk analyses, modern protection measures for IT systems, emergency and crisis management, and securing the supply chain. Key terms here include Multi-Factor Authentication (MFA), strict access management, and constant monitoring of the system landscape, all according to the state of the art.

Small and medium-sized enterprises (SMEs) are also coming into sharper focus, as they are often part of value chains or service providers for critical infrastructures. Requirements are becoming stricter, and documentation obligations more comprehensive.

With the Cyber Resilience Act (CRA), the EU is also holding manufacturers of digital products accountable: From the start of development, cybersecurity assessments and technical documentation must be created, discovered vulnerabilities must be addressed for at least three (sometimes five) years, and a so-called Software Bill of Materials (SBOM) must be maintained. The goal is maximum transparency and security over the entire product lifecycle.

Crime is Becoming More Professional – Companies Must Provide Professional Defense!

The evening demonstrated in practical terms: Attackers today are faster and better organized than ever before.

  • Zero-Day vulnerabilities are quickly exploited, and access data is sold by so-called "Access Brokers" on the black market.

  • Attacks are no longer just digital, but also analog and hybrid: devices are stolen, phone calls are intercepted—anything that reveals knowledge about business processes becomes a vulnerability.

  • Social Engineering attacks, phishing, and targeted manipulation are the order of the day.

What Companies Can Do Specifically – Key Takeaways

The police and experts jointly advise:

  • Train all employees and build a "human firewall"!

  • Check access controls and the protection of sensitive discussions—even in online meetings.

  • Implement regular backups and create emergency plans that are actually tested.

  • Introduce strong passwords and Multi-Factor Authentication, and limit rights according to the principle of "least privilege."

  • Segment your network and use monitoring and logging.

  • Stay in contact with the central contact point for cybercrime and use their help in case of suspicion.

  • A practical resource: A "Trojan inbox" is available for forwarding suspicious emails.

The bottom line is: Prepare yourself before an incident occurs, and consider analog risks as well! Strengthening awareness, access controls, and reporting chains alone can decisively stop attackers in their tracks and lay the fundamental building blocks for resilience against cyberattacks.
