Dr Christian Schwartz on information security and what we can learn from incidents like WannaCry.

22. June 2017

Christian, as a consultant in information security, it’s important that you pay close attention to current security incidents. Why’s that?
That’s right. Apart from our consulting services for companies, we closely observe incidents in the IT security environment. We especially follow up on and analyse successful attacks, such as the latest example of WannaCry.
Genau wie von unseren Kollegen im Bereich Security Analysis & Pentest im Übrigen. Dort allerdings mehr aus technischer Sicht.
Why do those analyses play such an important role for your consultation services?
Our department focuses on the holistic integration of IT security into corporate processes. Apart from technology, processes and people play a crucial role in that context. Large scale attacks, such as WannaCry, usually target multiple of those areas. Our work is about figuring out how such an attack could have been prevented so we can protect our clients from similar attacks in the future. For this purpose we reconstruct how the attack could be carried out successfully.
What conclusions could you draw from this case?
The attack mainly showed us how vulnerable IT systems are and that in some companies IT security unfortunately still only plays a minor role. After all, the infection with the malicious code did not necessarily have to assume the proportions it did. That’s why my brief article on “WannaCry” is subtitled “A Wake-Up Call for Information Security.”
Read the full article.

Also interesting:

A5: BSI Publishes New Audit Framework for Trustworthy AI

A5: BSI Publishes New Audit Framework for Trustworthy AI

The German Federal Office for Information Security (BSI) has published the Community Draft of the AI Audit and Assurance Assessment Architecture (A5) (currently available in German only), thus starting the consultation phase. A5 is intended to create a standardized...

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

Categories

Categories