Patrick Kurtz is the owner of Kurtz IT Service. In an interview with Businesstalk on the Kudamm, he talks about the race between IT security systems and cybercrime.
The Shortage of IT Specialists in Germany
In information technology (IT), there is currently a shortage of tens of thousands of specialists, who apparently are not being replaced by graduates from German universities. Does it make sense to hire and integrate specialists from abroad?
Patrick Kurtz: In the short term, this can certainly fill competence gaps. However, the question of perspective arises. The federal government has never hidden the fact that it has little connection with IT – most impressively demonstrated by Angela Merkel’s famous statement that the internet is “new territory for all of us”. If a country is governed for fifteen years with such an attitude, it is hardly surprising that it shows a significant development lag compared to many other industrialised nations and even some so-called developing countries. If this trend continues, where domestic education does not meet the demand for qualified IT specialists, one inevitably becomes dependent on third parties, not only in terms of personnel but also technologically. I consider this very unwise, especially in an industry of such future relevance.
The Future of Storage Capacities
Industry, commerce and private individuals increasingly rely on IT. Storage capacities must grow continuously, and data volumes are becoming ever more gigantic. Will we soon reach a point where data security can no longer be guaranteed?
Patrick Kurtz: From a technical perspective, I currently do not see a critical point regarding storage capacities. The development of capacities can easily keep pace with demand growth. Nevertheless, storage capacities should not be treated carelessly. From a business perspective, it is highly advantageous to keep your own data organised and to consistently remove unnecessary data. IT is also becoming increasingly relevant for the climate. The goal must be not only to prevent the ecological footprint from growing but even to reduce it with more energy-efficient storage options. Achieving the balance between full functionality and climate-conscious action is far from easy, and unfortunately it is not a focus everywhere.
The Ultimate IT Security System
There are constantly new reports of hacker attacks on vital servers and facilities (hospitals, administrations, banks). When will there be the ultimate security system that blocks cybercrime?
Patrick Kurtz: Never. It is a bit of a chicken-and-egg problem. Attackers and defenders depend on each other. The better the protection mechanisms, the better the hackers become. Based on previous experience, they are always able to adapt quickly and keep up with every development. It is a race in which there can only ever be stage winners, but never a championship trophy.
The greatest security gap in any system is the human factor. The safest system is one that is completely closed and operated under controlled conditions. Weak passwords, untrained personnel and laziness can compromise even the strongest security system. I am convinced that cybercrime cannot be prevented as long as there are people who click links in unknown e-mails, pass their data to phishing sites due to lack of digital literacy, download suspicious attachments from unknown sources, or use extremely simple passwords. If I cannot swim, I do not go into the water. For the internet, however, this seems not to apply. Those who value security should first learn the rules of the game. In this regard, everyone is to some extent the architect of their own fortune.
The International Data Trade
Issues of data protection are apparently increasingly being taken lightly, with social networks such as Facebook and TikTok making billions from user data. Why are there no uniform guidelines to protect customers?
Patrick Kurtz: You would have to ask the politicians. But the essence of the answer is probably already contained in the question: because of the billions involved. When weighing money against individual citizen interests such as data protection, the outcome is usually predetermined. Moreover, there is no international consensus on how data transactions should be regulated. This is mainly because Germany is likely to have very different interests in uniform guidelines than, for example, Ireland.
Requirements for IT Specialists
The IT industry is evolving: today, IT graduates should bring teamwork, communication skills, and business acumen, as well as cross-technical competence and human resource awareness. Do you see these requirements reflected in the industry?
Patrick Kurtz: These skills are of course desirable. But the perfect all-round worker does not exist; everyone has a different distribution of strengths and weaknesses within their job-relevant abilities. This is not limited to IT, but is simply human, and therefore a rather banal observation. Especially in IT, there are certainly many “nerds” who are outstandingly competent in some areas and understand nothing at all in others. This stereotypical image of IT specialists is not coincidental and is frequently used in TV fiction (keyword: “nerd”).
I am fundamentally of the opinion that in IT recruitment, less focus should be placed on requirements and more on support and opportunities.
Conflicts of Interest in Digitalisation
To what extent does electronic data processing (EDP) differ from information technology (IT)?
Patrick Kurtz: One is part of the other (EDP is part of IT), roughly as financial accounting is part of economics. Accordingly, no clear point of distinction can be defined.
Where do you see the greatest challenges for the industry in the future?
Patrick Kurtz: In finding the right balance. There are technophobes who want to avoid digitalisation at all costs and technophiles who believe everything must be digitalised no matter what. The important thing is to act moderately and find a healthy middle ground: when and to what extent can and should digitalisation take place? This is not an easy question; it requires public discussion and intelligent case-by-case decisions.
Mr Kurtz, thank you very much for the conversation.
Note
The original article by Dr Manuela Diehl appeared in Businesstalk on the Kudamm. Emphasis (bold) and links on this page may differ from the original.
Kurtz IT Service: IT Forensics and IT Security
Tel.: +49 163 8033 967
E-Mail: kontakt@it-forensik-it-sicherheit.de
10
Nov
Not Even the Headquarters of the US Democrats Are Safe from Leaks
Recent reports on internet crime within the ranks of the US Democrats show how little is still being done, even when dealing with highly sensitive confidential data, to protect it properly. Apart from the fact that more than 20,000 emails were hacked and partly published both at the party headquarters and at the Democrats’ campaign headquarters, further cyberattacks occurred in June and August. During these attacks, Democratic research on Clinton rival Donald Trump was spied on and partly published, while private mobile phone numbers and email addresses of almost 200 parliamentarians were posted online at Wikileaks. While the publication of private data is of course “only” personally unpleasant and such security leaks reveal with embarrassing precision how poorly even the highest offices are still protected against hackers, the content of the emails was considerably more delicate. They showed that Hillary Clinton was favoured internally within the party and that her rival for the presidential nomination, Bernie Sanders, was to be pushed aside through targeted disruptive manoeuvres.
Our IT security experts and IT forensic specialists in Munich are observing the current situation in the USA with concern, also with regard to the interests of German citizens and companies. This is particularly due to the explosive nature of the information that might be released through further attacks and could significantly harm not only the party and its members, but also the American economy and politics as a whole. Even though it can be assumed that both the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) are working with IT specialists to ensure the security and confidentiality of their data, the continuing cyberattacks clearly show that a great deal of work still lies ahead for American IT professionals. Naturally, this data is not only of national but even international interest, which motivates some of the world’s best hackers to try to obtain it. But does the rule really apply that the larger the target, the more likely a hacker attack becomes? Am I safe as a small or medium-sized business and therefore do not need to worry about IT security? Far from it! While interest in internationally operating large corporations is of course increased by their fame and the value of their information, smaller and medium-sized companies are also attractive targets for hackers and internet criminals because of the innovations that keep them competitive on the market. At the same time, they are relatively easy victims, as most companies do not place sufficient value on adequate security precautions. Our IT Service in Munich assists both companies and private individuals, either preventively or after damage has already occurred: +49 89 7007 4301.
Sharp Rise in Internet Crime: 48 Per Cent More Attacks Than in 2012
The Global State of Information Security Survey, the largest of its kind conducted in 2014, reveals what our IT specialists in Munich experience week after week during their assignments: attacks on internal company data and information are increasing relentlessly due to the ever-growing focus on the digital world and all the positive as well as negative side effects that come with it. The study was carried out by PwC in 154 countries with 9,800 IT managers from all industries and shows that all over the world, but particularly in economically strong countries such as Germany (represented in the study by 434 companies), the “commodity” of information and innovation is becoming increasingly attractive and desirable for criminals. Every single day, 117,330 hacker attacks are registered worldwide – 48 per cent more than the year before and even 66 per cent more than in 2009!
Surprisingly, although the surveyed IT managers are aware of the growing threat posed by the World Wide Web, spending on IT security decreased by 4 per cent compared with the previous year. This percentage may not seem dramatic, but it says a great deal about a misguided trend according to which companies attempt to maximise their profits – supposedly – by minimising expenses. Our IT experts in Munich can already predict today that this approach is a mistake and leads companies down the wrong path, which will ultimately cause serious problems. The damage inflicted on companies digitally often results in far-reaching consequences. Many businesses remain competitive on the market solely because of their innovations and unique selling points; however, if hacker attacks cause confidential corporate strategies, construction plans, product designs or similar information to be lost or fall into the hands of competitors, the affected companies lose the very foundation on which their business is built.
Digital data leaks are among the most serious threats to business success in the 21st century. Protect yourself – our IT experts in Munich are at your disposal.
Prevention Is Better Than Cure – IT Specialists in Munich Develop Security Concepts
In order to protect internal company data and confidential information, it is essential that IT experts such as those in our department IT Forensics | IT Security Munich are deployed in your company to search for vulnerabilities, data leaks and potential risks. If such problem areas are identified, our IT specialists will work to eliminate them and develop cost-efficient, innovative security concepts to safeguard the company against external threats. Furthermore, employees must also receive training in IT security. Careless sharing and sending of data via Dropbox or other so-called data clouds, for example, can lead to data being intercepted and hacked even in an almost perfectly secured company. Regular training and transparent security concepts help to reduce unintentionally leaked data volumes to a minimum and thus strengthen the company as a whole.
Many companies are now also taking out insurance against cybercrime, but the reputational damage that a company may suffer from a hacker attack can hardly be compensated by money. Particularly in Europe, the aforementioned Global State of Information Security Survey records a rapid increase in attacks: compared with the previous year, 41 per cent more cases of internet attacks were detected. Unfortunately, given the declining expenditure in the IT sector, this is not due to improved security measures but rather to a higher number of attacks and an ever-increasing professionalisation of the perpetrators.
IT Security Experts in Munich Ready for Action at Any Time
If your company is not yet sufficiently protected against cyberattacks and hacker assaults, or if you suspect that confidential data may already have leaked, contact our IT forensic specialists and IT security experts in Munich free of charge. We will thoroughly examine your company or your private devices and develop a comprehensive security concept: kontakt@it-forensik-it-sicherheit.de. We are also available in an advisory capacity and can train your employees in the safe handling of the internet and company data, helping to protect your organisation against attacks from outside (or even from within) and thereby secure your position in the market. Contact the Kurtz IT Service Munich at the following number: +49 89 7007 4301.
Author: Maya Grünschloß, PhD
Kurtz Detective Agency Munich
Department IT Service: IT Forensics and IT Security
Lindenstraße 12a
81545 München
Tel.: +49 89 7007 4301
E-Mail: kontakt@it-forensik-it-sicherheit.de
28
Aug
More and more frequently, one reads about hacked and later published private data of well-known personalities online, whether compromising photos or videos of an actress ("leaks") or the beginning of a new novel by a bestselling author (for example, the seventh Harry Potter novel circulated online days before its release). However, apart from stars and celebrities, hackers are increasingly transforming from a rather abstract threat affecting “others”, namely the rich and famous, into a very real danger for every individual. Consequently, the detectives, IT forensic experts and IT security staff of the Kurtz Detective Agency Bremen (+49 421 3679 9066) are also registering an increasing number of cases involving attacks on private individuals.
This development shows that not only the ever-increasing surveillance of people, data and technical devices by governments is causing unrest among the public, but also that hacker attacks on private individuals and companies are steadily increasing. In 2015, for example, North Rhine-Westphalia’s Minister of Justice, Thomas Kutschaty, fell victim to a hacker who ordered a set of new car tyres in his name, leaving him comparatively fortunate. Much less harmless, however, are attacks on servers of government bodies, large companies or banks, particularly when their innovations and confidential internal information become vulnerable as a result. Although in most cases the culprit can be identified and prosecuted with the help of business detectives or IT forensic experts such as those of the Kurtz IT Service Bremen, reputational or economic damage may already have occurred and is often irreversible.
Small and Medium-Sized Companies – Popular Targets for Cyber Criminals
Apart from the seemingly most lucrative hacker targets, large corporations, small and medium-sized companies as well as individual employees frequently become victims of such data theft because they are unaware of the danger, whether due to naïve trust in the Internet or an underestimation of criminals’ interest in their own company. Markus Hannemann, Managing Director of the IT system house 4Brain GmbH in Oberhausen, even considers small and medium-sized enterprises to be the main targets of cyber criminals today.
For good reason, Prof. Dr Norbert Pohlmann of the Institute of Computer Science at the Westphalian University of Applied Sciences in Gelsenkirchen and the Institute for Internet Security reports that many companies still have major deficits in their protection against cybercrime and urgently require improvements. Sometimes this is due to the technology used, sometimes to easily cracked passwords, poorly programmed websites or insufficient employee training – circumstances that the IT forensic experts and IT security staff of the Kurtz IT Service Bremen frequently encounter during their work. A family friend may have installed the firewall incompletely, a secretary opens an email attachment sent by hackers, or the company lacks the technical know-how to protect patents electronically.
Those Who Prevent with IT Security Will Not Need IT Forensics Afterwards
The experts of our IT Forensics and IT Security Bremen department can hardly be consulted too early for an IT security consultation. As Patrick Franitza, Deputy Press Spokesman of secunet Security Networks in Essen, points out, many company managers still perceive IT security as an unnecessary type of insurance, following the motto: “It will not happen to me.” Yet in Germany alone, economic espionage causes annual damages of around 51 billion euros. This includes phishing emails of apparently secure origin that spy on company data via fake websites, attachments and email accounts, skimming – the extraction of credit card or bank information – and many other methods.
Today not only computers but also smartphones are threatened by hackers. By secretly installing a surveillance application on a targeted phone, the device simultaneously becomes a tracking device, a listening device and a communication spy. With the assistance of IT forensic experts and IT security specialists such as those at the Kurtz Detective Agency Bremen, such malicious software, viruses and Trojan horses can be detected, removed and often traced back to their sender. For this reason, a thorough – if not regular – examination of company PCs and smartphones is highly advisable.
Insufficient IT Security in Many Companies Is Like an Open Door for Burglars
If your company’s infrastructure and sensitive data have been hacked, do not hesitate to contact the IT specialists of the IT Forensics and IT Security Bremen department: +49 421 3679 9066. Once engaged, we analyse the compromised computer to determine how access to the data was gained, which files were opened and transmitted, and whether Trojan horses were installed. The IT forensic experts and IT security consultants of the Kurtz Detective Agency Bremen also assist companies in developing and installing improved security infrastructures to prevent future cyber attacks.
In addition, your employees must be trained to handle sensitive data and internal information attentively and responsibly, as they are often unknowingly and unintentionally involved. Heiko Gossen, one of the managing directors of migosens GmbH in Mülheim an der Ruhr, also points out that the term “IT security” alone is no longer sufficient because companies and private individuals often understand it merely as the necessary technology, namely hardware and software. The more appropriate term “information security”, in his opinion, also includes employees and any other sources of information beyond technical devices. In this respect, the Kurtz IT Service Bremen can draw on extensive experience in advising companies and training employees in the secure handling of technology and the Internet. Once installed, protective barriers and security programmes must be continually updated and renewed to defend against external attacks and malicious software; otherwise, despite good infrastructure, risks from the World Wide Web remain.
The Kurtz IT Service Bremen puts a digital bolt against hackers: IT Security and IT Forensics Bremen.
Small Steps with a Big Impact: Security
Better protection for a company is achieved through a step-by-step process: from creating guidelines and raising employee awareness to identifying harmful software and finally implementing the new security concept. Although the success of these measures also depends on the company and its employees, the experts of Kurtz IT Forensics and IT Security Bremen can provide decisive assistance and advisory support; it is important that the company supports us as a service provider in our work.
Of course, a one hundred per cent security guarantee can never be given, regardless of how many security concepts are implemented at all levels of the company. However, cybercrime can be significantly curbed if small and medium-sized companies also decide to take the services of IT forensic experts and IT security specialists seriously and make use of them.
Author: Maya Grünschloß, PhD
Kurtz Detective Agency Bremen
Department IT Service: IT Forensics and IT Security
Hollerallee 26
D-28209 Bremen
Tel.: +49 421 3679 9066
E-Mail: kontakt@it-forensik-it-sicherheit.de
05
Jan
It is already serious enough when criminal activity and fraud in the private sphere hurt feelings and cause great distress to those affected – but even more severe are the consequences when the repercussions of such criminal acts extend beyond the individual and endanger an entire company, along with its employees and capital. This recently occurred in a case so extensive and audacious that even the detectives of Kurtz Economic Detective Agency Stuttgart were almost left speechless. Thanks to the swift and prudent actions of the company owner, V. Häberle, a case of blatant industrial espionage was mitigated, as he had consulted Kurtz Detective Agency Stuttgart in time. This allowed our corporate investigators and IT forensic experts to prevent damages running into millions for him and his company.
Häberle is the founder and owner of a medium-sized Swabian company deeply engaged in the research and development of fuel cell technology. "A fiercely competitive field," he proudly told our Stuttgart investigators, "fuel cells are THE energy converter of the future!" The technology offers enormous advantages, especially in automotive manufacturing – which is significant in a region hosting many car manufacturers and suppliers. It is primarily innovative companies like Häberle’s, focusing on research and development and aiming for market-ready innovative products, for which it is essential that no competitor gets ahead. The competition is intense, and moral considerations for gaining economic advantage appear secondary. Company secrets had been spied on and passed to a competitor. Initially, the case seemed straightforward: The employee in question (25) was the son of a personal friend and former university colleague, and Häberle had trusted him based on this connection. The employee, working for the company for only six months, had apparently passed crucial internal research data to a competitor. However, legally admissible evidence was lacking, and there were still uncertainties – matters for Kurtz Economic Detective Agency Stuttgart to resolve.
At first glance, it seemed a classic case of industrial espionage: Internal investigations showed the employee accessed protected data multiple times from his workstation and copied documents and technical diagrams to a USB stick – the actual transmission apparently occurred via other channels. How and to whom the data was sent was to be investigated by our corporate detectives in Stuttgart.
The first step involved consulting the IT forensic experts of Kurtz Detective Agency Stuttgart. This phase went beyond "normal" detective work: To avoid raising suspicion within the company, Häberle granted our IT forensic team access to workstations under the guise of an external “IT routine audit.” This discreet approach prevented mistrust and allowed the target employee to continue working, ideally revealing more data and clues. Through meticulous, days-long work, our Stuttgart IT experts could trace the storage location of the stolen data – in this case, the investigation revealed the data had been copied onto a smartphone. Within legal limits, IT forensic experts could access the relevant devices, preserve usage traces, and identify potential misuse and perpetrators.
During the IT forensic work of the Kurtz Economic Detective Agency Stuttgart, clues emerged suggesting that the case was taking an entirely different direction: The targeted employee was verified to be absent from the company at least three times during periods when data transfer occurred. Furthermore, the IMEI number in question did not match his work or personal smartphone, as further investigations revealed. Now, a new possibility emerged for our Stuttgart corporate investigators, which Häberle had not yet considered: The suspicion, according to the detectives’ assumption, might have been deliberately directed at the new employee to mislead the investigation in the event of discovery. The initial covert access to other workstations and computer data quickly revealed a new clue: The smartphone to which the data had been transferred belonged to a completely different employee, B. Konrad, whose workstation was in a neighboring office. From that point, the Stuttgart economic detectives focused their investigation on Konrad.
With these new insights, surveillance of the new target could begin and quickly proved fruitful: Konrad, still undetected and believing himself safe, was in regular contact with a nearby company also conducting fuel cell research. The meetings fortunately took place outside the offices of that company, otherwise our economic investigators would have been constrained – company premises are also protected under privacy rules. Observation quickly showed that Konrad regularly exchanged envelopes with a person identified as a senior employee of the competitor company. Three of these meetings were observed and documented photographically – in different locations, but due to our comprehensive surveillance, they did not go unnoticed.
It was now up to our investigators to make a decision: The evidence was sufficient for pressing charges, but success was not guaranteed – should the suspect be confronted? Knowing that the fate of over 50 employees was at stake, the Stuttgart economic detectives decided to confront Konrad personally and alone immediately after the third meeting. Under the weight of the evidence, he quickly admitted: He had been employed at Häberle’s company from the start and felt passed over for various promotions. Six months ago, an employee of the competitor had approached him with a lucrative offer: he was to obtain documents and sensitive data in exchange for substantial four-figure payments. Konrad was technically skilled in IT, but personally dissatisfied with his job.
The malicious idea of not only covering his tracks but, if necessary, directing them to someone else, was solely Konrad’s idea – regardless of the fact that the young man initially suspected had never done anything wrong and had been entirely innocent. Fortunately for Häberle and his company, thanks to the economic detectives and IT forensic experts of Kurtz Detective Agency Stuttgart, Konrad’s actions were discovered. Sufficient legally admissible evidence was collected to bring both Konrad and the competitor’s employee to the attention of authorities.
Based on the court-admissible video and photographic material and a detailed investigative report by Kurtz Detective Agency Stuttgart, all conditions were met to hold the industrial spies accountable in court. In addition, a million-euro loss was prevented – and the suspicion against an innocent employee was cleared. Otherwise, this person would likely have lost his job or worse – fortunately, this was avoided. The initially suspected employee remained unaware of his good fortune, as the investigation was conducted in secret. This illustrates that alongside economic success, the human factor often allows our Stuttgart economic investigators to enjoy their work.
It should be noted that the terms “economic espionage” and “industrial espionage” are often confused in media coverage, although they are distinct. In this case, it is industrial/competitive espionage – the attempt to illegally obtain information by a competitor company. Economic espionage, on the other hand, is always state-directed and usually carried out by intelligence agencies to catch up technologically with other countries.
To protect the discretion and personal rights of clients and targets, all names and locations in this case report have been fully anonymized.
Author: Gerrit Koehler
Kurtz Detective Agency Stuttgart
Department IT Service: IT Forensics and IT Security
Königstraße 80
D-70173 Stuttgart
Tel.: +49 711 7153 0028
E-Mail: kontakt@it-forensik-it-sicherheit.de
20
Dez
Kurtz IT Service | IT Forensics and IT Security
Department of Kurtz Detective Agency
Tel.: +49 163 8033 967
kontakt@it-forensik-it-sicherheit.de
www.it-forensik-it-sicherheit.de/en
Monday–Friday: 08:00–20:00
Since 2016, Kurtz Investigations has continuously supported the well:fair Neven Subotic Foundation, which provides children in underprivileged regions with access to clean water and education.
Imprint | Data Protection | Sitemap
IT Forensics | IT Security | IT Service Provider | IT Support | IT Consulting | IT Services | Data Backup | Computer Maintenance | IT | Cybersecurity | Data Analysis | Data Recovery | System Analysis