The walls are virtual, the risks real. EOS is improving its data security using “penetration tests”, where hackers attack the company under real-life conditions.
If you talk to Gunnar Woitack about how companies like the EOS Group protect themselves from hacker attacks, then sooner or later the topic of the Brothers Grimm comes up. “It’s like a race between the hare and the hedgehog,” says the IT security expert. “We put up fences to keep attackers out and the hackers constantly develop new techniques for breaking them down.”
Since January 2015, Gunnar Woitack has been in charge of IT security across the EOS Group. As Chief Information Security Officer (CISO) at EOS Technology Solutions, he is something like the “keeper of the crown jewels” for the entire Group. Whereas companies like VW, for example, never let their vehicle technology patents out of their sight, the most valuable assets at EOS include above all the data of defaulting payers.
In addition – like virtually all companies – EOS stores data about its customers and other stakeholders on its servers. For EOS, handling this information responsibly in-house, and protecting it from attacks and misuse from outside, are top priorities. After all, this security is the basis for the trust placed in EOS.
Hacker attack provides information on IT security.
To ensure the greatest possible degree of data security at the more than 60 EOS companies in 26 countries, Woitack regularly engages professionals – specialised hackers who scan the virtual walls of EOS for security loopholes. This year too, these “white hat” hackers – as they are known – will carry out what is known as a black box penetration test. In the process, the external partner receives several hundred EOS IP addresses. “This kind of test takes several hours,” Woitack says. “And a lot of it is automated.”
There is no such thing as 100% security for companies.
In addition, EOS also periodically arranges for what are known as grey and white box tests. These cyber-attacks “let more light into the box”, i.e. the hackers also receive access data and/or the source code of web applications. To use the analogy of the hacker as a burglar, they either get the key to the house or even the room layouts and alarm system details. Despite these very thorough penetration tests, EOS is nevertheless not lulled into a false sense of security, stresses Woitack. Because ultimately, nobody is completely protected from an attack.
There is no 100% security. Even the CIA and FBI get hacked.
Gunnar Woitack, Chief Information Security Officer (CISO) at EOS.
Hacker attack shows that the error rate is going down.
Basically, the EOS systems associated with the internet have become more and more secure over the years. The error rate in the penetration tests is declining, and awareness of data security among the workforce is constantly increasing, Woitack says. “The recurring tests steer the focus in the right direction.”
And there’s one thing that the IT security expert is sure of: even in ten years, simulated hacker attacks will still be an effective means of exposing vulnerabilities in a company’s IT security. Because the race between the hare and the hedgehog continues. “But we are working very hard on dealing with it,” says Woitack. “We take the risks very seriously and naturally are also investing a lot of money in security.”
Are you mystified by black box, grey box and white box? For an introduction to the topic of cyber-security, Gunnar Woitack recommends this article.
Photo Credits: Sebastian Vollmert / EOS, Hack Capital / Unsplash