One of the largest global steel manufacturers, ThyssenKrupp, has revealed that their company has been hit by cyber-hackers and may have had sensitive trade secrets stolen.
In February last year, cyber-hackers gained access to the German manufacturer’s computer system and managed to go undetected for three months. It wasn’t until April that ThyssenKrupp’s internal security team detected the hack. According to the manufacturer’s spokesperson, the management board was informed “at once” and he notes that the hack was detected quite quickly.
The spokesperson compared this to similar attacks, noting that it usually takes a company 200 days to detect and assess the nature of a hack.
It’s not known as to how many of the manufacturer’s departments were compromised, but the manufacturers are sure that the hackers stole project data from the engineering division, and fear that a great deal of intellectual property was stolen in the hack.
ThyssenKrupp are yet to divulge information as to the scope of the intellectual property losses as they’re “not clear yet” about what exactly has potentially been stolen. However, they believe that the cyber-hack most likely originated in Southeast Asia.
Not the first time…
This isn’t the first time that the German manufacturer has been subject to cyber-hacks. Back in 2012, Chinese hackers were blamed for the hack that infiltrated the European Aeronautic Defence and Space Company’s and ThyssenKrupp’s system. ThyssenKrupp confirmed that the attack in 2012 occurred in the U.S., with origins of the attack being from a Chinese internet address.
How long did they take to report the breach?
It’s questionable as to why the German manufacturer chose to wait to report the breach after finding out about it. Maybe they have something to hide because they didn’t adequately protect their systems? Or maybe it’s because they didn’t want the world to know that their trade secrets had been leaked?
There could be a variety of reasons as to why they kept the information concealed for a long period of time. In the U.K., companies should usually report a breach as soon as possible, and if they don’t, it could work against them if a financial penalty is imposed.
Attractive system
In 2015 ThyssenKrupp generated an annual revenue of £36 billion, so it doesn’t come as a surprise that cyber-hackers would take an interest in the manufacturer’s computer system. With millions at stake from its trade secrets, cyber-hackers could sell them on the black market, resulting in leaks to competitors.
Responsibility?
It seems as though ThyssenKrupp aren’t taking much responsibility for the hack, as they said that the attack shouldn’t be blamed on security deficiencies at the group, or attributed to human error. Instead, the manufacturer cited an expert opinion, saying:
“…it is currently virtually impossible to provide viable protection against organised, highly professional hacking attacks.”
Cybersecurity in Germany
Germany’s cybersecurity is an ever-growing issue. According to the Federal Office for Information Security, cybersecurity breaches and other associated problems have cost the economy around £37 to £41 million a year. As security breaches are becoming commonplace, coupled with the fact that they were hacked a few years ago, it’s arguable that ThyssenKrupp should’ve been equipped to fend off the cyber-hackers. It’s not like they’re short of financial means to implement an effective cybersecurity system…
That being said, they have raised the defence of “nothing being un-hackable” which does hold water.