Logotype
EMD has introduced security software that protects the company against external and internal attacksStage Image

EMD has introduced security software that protects the company against external and internal attacks

© Getty Images

Protection against IT attacks

Innovative data security

2014/8/20

Share

Print

In most cases, attempts to steal business-critical data are generally perpetrated by hackers. However, such actions are sometimes committed by the firm’s own employees. That’s why EMD has become the first DAX 30 company to introduce special security software that makes it more difficult for both types of offenders to attack its IT systems.

The former secret service agent Edward Snowden has shown how the United States and its allies monitor Internet communication all over the world. However, he also revealed how badly even some intelligence agencies are protected against data theft. After all, Snowden was able to copy around 1.7 million documents from the servers of the National Security Agency (NSA) without being detected. After doing this for several months, he even managed to flee abroad. 
 
Preventing data theft by employees is also one of the top security priorities at companies. “The bigger a company is, the more likely it is that this will happen,” says Andreas Maack, who heads Corporate Security at EMD. The perpetrators’ motives are as varied as the human psyche, and they are by no means only found in only one business. “People are induced to steal company data because of financial need, blackmail, a desire for revenge, the wish to give a new employer a ‘present,’ or simply because they have a good opportunity to do so,” he explains.
  • Andreas Maack, Chief Security Officer at EMD
  • Andreas Maack, Chief Security Officer at EMD
    © EMD

    Close cooperation


    Maack knows a lot about criminal activities, because he worked as a policeman at Germany’s Federal Criminal Police Office for 19 years before he changed to his current employer. At EMD’s Darmstadt headquarters, Maack now heads a team of eight employees as well as a global network of approximately 100 colleagues who support him. Together, they take care of all security-related issues at the Group. For example, they advise EMD employees who intend to travel to crisis regions about how they should behave there.

    They also take action against criminals who illegally produce and sell counterfeit EMD products. In its efforts, the team cooperates closely with law enforcement agencies. This is also the case when they are dealing with digital data theft, which has become one of the team’s greatest challenges. “EMD is processing more and more of its business transactions electronically,” Maack explains. “This creates new opportunities to steal data, especially through the Internet.”

    Hackers use this channel to gain access to the company. They try to smuggle small programs into the company network in order to gain control over computers or redirect the flow of information to their own addresses. Statistics show how difficult it has become to counter such attacks, because the hackers are not only criminally minded but also creative. According to experts, more than one million new malware programs are created every year. Maack describes the companies’ dilemma as follows: “Data thieves are satisfied even if they are successful only once. Corporate security units, on the other hand, have to be successful every day.”

    The theft of know-how or other data can endanger the competitiveness of companies such as EMD that conduct their own research. High investments in the development of new drugs, high-tech chemicals or new marketing strategies drop dramatically in value if the results fall into the hands of competitors. It is essential that these key assets be protected against theft.

    An anti-virus program in reverse


    As a result, EMD has become the first of the 30 major companies listed in the German Stock Index (DAX) to introduce special security software on a large scale. This software makes data theft more difficult for hackers as well as for spies in the company’s own ranks. The software’s name is Data Leakage Prevention (DLP), as it aims to plug such leaks before any damage can be done. It works like an anti-virus program, but in reverse. Whereas anti-virus software analyzes whether digital pests such as viruses, worms or Trojans are trying to get into the company network, DLP determines whether data is leaving the firm without authorization.

    “Today we are seeing theft attempts that didn’t occur in the past.“

    Andreas Maack
    Chief Security Officer, EMD

    DLP automatically monitors the information media at EMD. The program checks to see if there is anything unusual about such things as outgoing e-mails, inserted USB flash drives, files that are being uploaded on a server outside the company, and documents that are being printed out. Do they contain certain key words or other sensitive content? Are they being sent to unknown recipients? Or are individual files being saved on a USB flash drive unusually often? If a certain limit is exceeded or if the data is highly sensitive, DLP immediately triggers an alarm. 

    Making people more security-conscious

    2014/8/20

    Share

    Print


    The program’s quality depends greatly on the definition of these limits and the associated parameters that are taken into account. Moreover, the limits have to maintain a balance between the interests of the employees and those of corporate security. That’s because controlling honest employees too strictly – and almost all employees are honest –  interferes with work processes. As a result, Corporate Security cooperates closely with the businesses and the IT department to fine-tune the limits.


    Maack is satisfied with what has been achieved thus far. “Today we are seeing theft attempts that didn’t occur in the past, so we are now much more aware of this problem,” he says. His next step will be to prepare the DLP software to deal with hacker attacks from outside the company. Another aim will be to make employees more security-conscious, because trade secrets are sometimes unintentionally blurted out in discussions. Not even the best software can protect the company against such data leaks. The only thing that helps is an increased awareness of the company’s security.

     
    Article tracking