BR editor-in-chief Christian Nitsche spoke with Claudia Plattner in “7 Questions on the Future” about the threats we face and the challenges Germany is confronting.
Christian Nitsche: Ms. Plattner, when we talk about cyberattacks – how much damage do they cause our economy?
Claudia Plattner: The figure is actually alarmingly high. The Bitkom association estimates the damages from cybercrime in 2024 in Germany alone at 179 billion euros. That’s a staggering number, absurd! We argue over every euro to be able to protect ourselves properly somewhere. And then this amount of money essentially flows out of the country and damages us accordingly. This is an economic factor that really should not be underestimated. It’s gigantic.
Nitsche: When companies are attacked, one imagines: The hacker wants to get into the company headquarters – into the innermost part of the server – and steal company secrets. But it can be much simpler. Reading emails that might contain stock market-relevant information – and if that leaks out, the stock price goes down. Is one that easily blackmailed?
Plattner: Yes, without a doubt. Emails are a wonderful target. They are often intercepted and used. And you don’t even have to intercept the emails individually; what you can do perfectly is: attack the Exchange Servers (Microsoft Exchange Server: software for business, school, or university email accounts; editor’s note). Just as an example: 37 percent of Exchange Servers in Germany are vulnerable simply because they are not on the latest version. Thirty-seven percent. In numbers, that means: 17,000 email servers in Germany are comparatively easy to attack. And it’s actually not that hard to secure them. You just have to install the latest version. This means that very often you don’t even need a really clever attacker, just an outdated instance of an email server.
Where Germany Is Most Vulnerable
Nitsche: Where are we most vulnerable?
Plattner: I believe we definitely have an issue across the board, especially with small and medium-sized organizations. I don’t just mean companies, but also institutions, for example municipalities, hospitals, universities, and similar. That’s actually our biggest problem because the know-how, the resources, and often the awareness aren’t really there yet. So, small and medium-sized organizations, I always say, are my problem children.
Nitsche: Who are our enemies in cyberspace? And what are their aims?
Plattner: We have many groups from Russia, we also have many from China, from North Korea, and also sometimes from Iran. These are the “professionals,” if you will. And they, in turn, have a whole host of suppliers and petty criminals who help out. A whole industry has developed there; we have to state that, unfortunately. It’s lucrative.
Nitsche: Russia is right at the forefront?
Plattner: Firstly, we have the simple issue that they attack us to “fleece” us. So, really classic: cybercrime – but also propaganda. DDoS attacks are often used for this (Distributed Denial of Service, i.e., servers are bombarded with requests and buckle under the load, editor’s note). Roughly following the motto: “Look, you can’t even protect your municipalities, hospitals, or federal institutions.” That’s roughly how it feels to people – and that’s exactly the effect they want to achieve. If we look at what comes from China: Espionage is more in the foreground there. High-tech companies are super exciting, there’s a lot to gain there. But also in the political sphere. There, it’s not so much about loudly and visibly breaking something or extorting money, but about remaining undetected in the network for as long as possible and waiting for the right moment to strike. Sometimes, there are only two clicks between espionage and sabotage, if you’re already in the system.
Nitsche: Some say cybercrime has long been the most significant form of crime. Where is all this heading?
Plattner: We already have to note: You can practically rent cybercriminals or their services today. They work together excellently, sometimes much better than we do. I suspect that through AI, we will see further professionalization in this area, a higher degree of automation. You simply search for vulnerabilities in the source code using AI at some point. And then the malware that exploits it all is also written by AI. That means for us: We have to use the same methods to find the same vulnerability and write the necessary patch – but before them. It’s really about speed here.
Do We Need a Cyber Army?
Nitsche: Do we also need a larger cyber army that can launch many more counterattacks?
Plattner: What we need is know-how in the digitalization and technology sector. Whether we need more people to carry out cyberattacks, I’ll stay out of that – for the simple reason: We take care of protecting the victims.
Nitsche: Who has to decide that?
Plattner: If in doubt, our colleagues from defense and politics have to say that.
Nitsche: What do they tell you? Do they say it would be good if they had more cash, that they need more people?
Plattner: They are of course placing appropriate emphasis on the topic. The Bundeswehr has just established a fourth branch, namely: Cyber. That already shows clearly where things are heading. Personally, I think it’s smart. But: We need capabilities and know-how in the technology sector as an entire country. So also someone who is not working in the Ministry of Defense or the Bundeswehr, but someone who, if necessary, works for a railway company, a power plant, a normal, large corporation. We have to protect ourselves on all levels – and that also happens in the civilian sphere, just like fire protection. For me, that’s the much more important point: That we manage to build up the know-how here across the board. The ability to assess situations and the ability to act.
Nitsche: Thank you for the conversation.
In the video interview for “7 Questions on the Future,” BSI President Claudia Plattner also explains, among other things, how individuals can reduce their risk of extortion attempts like ransomware attacks. What is the perfect password (according to Plattner, “none at all”)? She also explains how the Federal Office for Information Security specifically responds to cyberattacks – and what is dangerous about Germany’s technological dependence on other states.
Info: BR24
