Lidl mother Schwarz has published a report on cyber security in German companies. This paints a somewhat worrying picture of the situation. Sensitive information about board members could be found on the Darknet.
Digital boss Rolf Schumann therefore asked not to wait for an attack, but to make the topic a top priority in companies. “Cybersecurity becomes relevant in places where there is no awareness at all,” he told Business Insider.
In addition to trading, the Schwarz Group is now also focusing on cloud business – and on cyber security. And the demand seems to be high: With XM Cyber, they already have “more than three-digit customers”, and the trend is growing rapidly, Schumann explained in an interview.
Have you ever searched for phone numbers of Dax board members? After their private addresses, passwords – or their sensitive data from dating sites? All of this is likely available on the dark web. At least that’s how it is in the Schwarz Group’s Cyber āāSecurity Report.
The has a total of 213 organizations from the public and private sectors Lidl-Mutter analyzed their attack surface for cyber attacks – and took a sample of data available on the dark web from the boards of directors of large companies. The report is the latest product of the digital advance of Europe’s largest retail group. Among other things, it uses data from the security service provider XM Cyber, which belongs to Schwarz, to give an overview of the situation and provide companies with guidelines for action.
The survey to the board members is only a small part of the comprehensive report. But an effective one. At the end of February 2023, the group examined the world‘s largest collection of data sets from cyber attacks and data leaks over the past 18 years. Namely with regard to the managers (CEOs and other board members, according to the study) of ten unspecified large German companies from different industries. The result: On average, each of the 20 board members was affected by 16 data leaks, at most by 70. Telephone numbers, e-mail, private, IP addresses – everything can be found. Around two thirds had passwords in plain text, and in two cases even data from sensitive sites such as gambling, dating or porn websites. So at least anyone who has been using old passwords since then has a problem.
The finds cleverly underline what Schwarz-Digital Board Member Rolf Schumann formulated in advance in an interview with Business Insider as a credo and appeal: “Cyber āāsecurity is a matter for the boss.” After all, a cyber attack is an attack on the company. Especially in view of the increasingly complex threat situations due to greater networking, relocation to the cloud and, last but not least, the increased number of attacks since the beginning of the Ukraine war it is important to deal with it appropriately. So out of the IT silo.
On average 11,000 vulnerabilities per company
It showed that there are also good founders from a financial point of view already a study by the digital association Bitkom from August 2022. The association put the annual damage in the German economy through theft of IT equipment and data at around 203 billion euros espionage and sabotage. A little less than in 2021. However, around 90 percent of the companies fell victim. Worldwide damage of 10.3 trillion euros is expected by 2025.
read too
The Cyber āāSecurity Report brings this abstract amount of damage to a tangible level. In February 2023, the Schwarz Group in Germany analyzed 213 organizations from the public sector and business with regard to their external targets: the companies from the Dax, MDax and SDax, eight trading companies, 35 airports and the ten largest German cities. In addition, the group analyzed anonymized datasets from XM Cyber āāto determine the actions of hackers better understood after entering an organization.
As a result, all trading companies, nine of the largest German cities and around 78 percent of the 40 Dax-Companies have at least one vulnerability rated High or Critical according to established standards, according to the report. In around 80 percent of cases, hackers need a maximum of four steps to access sensitive data. And on average, every company had 11,000 internal vulnerabilities that attackers could exploit.
“The attacker is already inside”
ācybersecurity becomes relevant in places where there is no awareness at all,ā comments Rolf Schumann in an interview. āIf someone in an automobile production facility unnoticed changes the temperature of the welding robot, for example. Or the target weight on the scales when bottling at a beverage manufacturer.ā Even small changes like this could have dramatic consequences for companies.
In addition, there are more and more potential interfaces. The Schwarz Group’s own focus, the Handel, Schumann sees as a prime example. After all, it is a highly networked ecosystem. āThe Schwarz Group companies have 13,700 branches. That means almost 14,000 WiFi networks. Then there are suppliers and other dealers,ā says Schumann. “In 32 countries, we have miles of shelves with electronic price tags – each with its own IP address.”
read too
The conclusion in the cyber security industry, at least since the corona pandemic, has been that classic perimeter defense is reaching its limits. As with a classic castle, building the wall higher and higher and widening the ditches to ward off attacks from the outside no longer works, as Schumann also thinks. “Actually, the basic assumption must be: The attacker is already in there.” In other words: It’s about protecting the really critical resources as a priority. And lead to those loudly Cyber Security Report only around 250 of the 11,000 vulnerabilities.
In many Pursue but this mindset has not yet arrived. “The hacker is the only one who has understood the security illusion surrounding cyber security,” he says. “And he turned it into a lucrative – if not legal – business model.”
Cloud and cyber security: The transition to a tech company
However, the Schwarz Group’s report aims to be more than just an alarming presentation of new surveys. Although catchy graphic representations such as cyber attacks raining down as meteorites are not missing. Dinosaurs that are unwilling to adapt are in a sense getting their hands on it, one could suggest here.
But in addition to surveys, the report offers a kind of practical guide from a company perspective. He tumbles down the complex topic based on the biggest ones studies explains the most common types and paths of attacks, gives basic instructions on how to act in the event of an attack, explains regulations.
A continuation of the publicity offensive that the retail giant from Neckarsulm launched as part of its transformation into a tech group. As early as March, the Schwarz Group invited 120 top managers, politicians and journalists to the cyber conference in Neckarsulm ā atypical for the group, which has long been considered secret. The investigations published in the report were also made in the context of this conference.
read too
The digital push involves two things. On the one hand, the Black group Since March 2022, the in-house cloud service provider Stackit has also been available to external corporate customers. And has thus entered a market that according to market research firm Forrester is expected to grow to around one trillion US dollars (around 929 billion euros) by 2026. A doubling compared to 2022. Schwarz positions itself against the dominant tech giants Amazon, Microsoft and Google with its location: a native digital infrastructure from Europe, sovereign and DSGVO-compliant. And with its low price model, which is always the case, it is suitable for German medium-sized companies, for example.
On the other hand, in November 2021, Schwarz bought Israel’s XM Cyber āā- a cybersecurity company founded by former Mossad chief Tamir Pardo. The service offered: Analysis and automatic improvement of vulnerabilities in IT networks and companies. In the summer of 2022, Schwarz announced that it would also offer the services to external customers after use and Cloud-Integrate service provider Stackit.
Well over three-digit number of customers: “Build the best software without big announcements”
And the demand seems to be there. “With XM Cyber, we have more than three-digit customers and are growing significantly,” explains Rolf Schumann in an interview. Well-known customers include the Port of Hamburg and the US Stock Exchange Nasdaq.
A strategic partnership with the Walldorf software company came about in mid-May SAP added. In the future, their services will be protected for customers by XM Cyber. With many of the world‘s largest companies being SAP customers, this should significantly increase the potential customer base. “The fact that SAP, the largest European software house, relies on the solution from XM Cyber āāshows us how holistic and forward-looking the approach is,” says Schumann.
read too
However, the Schwarz Group still does not allow themselves to be carried away by the grandiose announcements that are familiar from US corporations. The aim is not to become the next hyperscaler. However, pure deep stacking is not the thing of the black group either. “In my world there are only market companions, no competitors,” explains Schumann when asked about Amazon, Microsoft and Co. “We do what we ourselves are convinced of and believe that it will be successful. And we don’t shy away from any competition.”