Companies in Germany lack the expertise and practical solutions to effectively investigate security incidents. A research project is now developing new tools and methods.
Many companies do not even notice that they have been the victim of a cyber attack. The incidents are often only discovered by chance or during the auditing of accounts. Dr. Stefan Meier , an employee of the Department of Business Informatics I at the University of Regensburg, concludes that there are still too few appropriate software tools and methods for the systematic study of digital attacks, in particular when it comes to securing evidence. His findings coincide with the results of the techconsult long-term study entitled Security Bilanz Deutschland : Especially in the SME sector and in public administration, the solutions used for IT security hardly go beyond standard solutions. In other cases, existing sophisticated software is not used properly.
Meier is especially interested in the human factor. According to his study, the current practice of digital forensics takes too little account of the fact that people ultimately interact with computers. Unlawful access by employees and partners in particular thus tends to go undetected. To close this gap, the scientist has developed a new methodology with which he has already uncovered cyber fraud in two test companies. With DINGfest , there is now a research project at the University of Regensburg under the direction of Prof. Günther Pernul , which is funded by the German Federal Ministry of Education and Research (BMBF) and which builds on the foundational work of Dr. Meier and scientifically tests innovative methods for the analysis and forensic processing of cases of IT damage.