In times of rapidly increasing Ransomware-attacks and the resulting immense damage to companies, the Bavarian State Office for Data Protection Supervision (BayLDA) forced to become active. The BayLDA is currently conducting a Follow-up check at companies that have been victims of such an attack in recent years. The aim is to determine the current status of Cyber security and the Vulnerability management-measures of these companies.
The focus here is on the technical and organizational precautions for Defense against ransomware attacksthe Malware removalthe Data recovery for encryption and a robust Emergency planningto minimize downtimes due to Encryption locks to minimize. The BayLDA would like to use this initiative to strengthen the Ransomware protection in Bavarian companies.
Key findings
- The BayLDA conducts follow-up audits of companies that have fallen victim to ransomware.
- The aim is to review the technical and organizational measures for ransomware defense.
- The focus is on Cyber security, Malware removal, Data recovery and Emergency planning.
- The examinations are intended to Ransomware protection in Bavarian companies.
- Vulnerability management is an important aspect of prevention.
Introduction: The BayLDA and its tasks
The Bavarian State Office for Data Protection Supervision (BayLDA) is an independent Authoritywhich, as part of their statutory duties, regularly Data protection checks is carried out. These audits serve to check compliance with data protection regulations in companies and organizations and to suggest possible improvements.
Regular data protection checks
The BayLDA carries out both event-related and Audits without cause through. Occasion-related Data protection checks are usually based on complaints or specific indications of possible data protection violations. In contrast to this Audits without cause The audit takes place in all regions of Bavaria, regardless of sector and at the company's discretion.
Ad hoc and ad hoc audits
These Data protection checks can take various forms - on site, in writing or online via the Internet. The aim is to check compliance with data protection regulations and, if necessary, to take measures to improve data protection. Cyber security and vulnerability management.
Both technical and organizational aspects of data protection are examined as part of these audits. Companies that are subject to such Ransomware follow-up check receive valuable insights into their current data protection situation and recommendations for optimization.
Ransomware Follow-Up Examination BayLDA: The starting signal
The Bavarian data protection supervisory authority BayLDA has issued the Ransomware follow-up check the starting signal for a new series of focused Data protection controls given. These specialized audits represent a new approach to Cyber security and the Ransomware protection in Bavarian companies in a targeted manner.
Focused audits as a new approach
As part of the focused audits, the BayLDA conducts standardized written and automated online audits that concentrate on specific topics such as ransomware prevention. This concentrated inspection approach makes it possible to carry out focus inspections on relevant data protection aspects at short intervals.
Objectives of the regular focused audits
The regular focused audits pursue two main objectives: On the one hand, the data protection controls at non-public bodies in Bavaria are to be expanded. On the other hand, the provision of information as part of the audits serves to raise the awareness of company data protection officers for the respective topics such as Emergency planning and cyberSecurity to sharpen.
Through this new testing approach, the BayLDA is focusing on strengthening ransomware protection and improving the Data protection controls in Bavarian companies. The focused audits enable an efficient and targeted review of technical and organizational measures to defend against ransomware attacks.
Ransomware check: Technical and organizational measures
The current Ransomware follow-up check of the BayLDA focuses on the technical and organizational measures in accordance with Article 32 of the GDPR. The aim is to Basic protection vs. Ransomware attacks and to ensure the cyberSecurity of the companies concerned.
Basic protection against ransomware attacks
The focus of the audit is on measures such as a robust Patch managementreliable backup concepts, Data traffic monitoring and Malware removal. In addition, aspects such as Awareness-training courses, access authorizations and the Data protection organization examined in more detail. All of these technical and organizational measures serve to ensure a fundamental Basic protection before Encryption locks and ransomware attacks.
Target groups of the audit
The target groups of the ransomware follow-up audit are wide-ranging and include small and medium-sized companies, but also smaller hospitals, schools and doctors' surgeries. These institutions in particular have often been the target of ransomware attacks in the past and therefore require special attention with regard to the Ransomware check their technical and organizational measures.
Test documents and deadlines
For the Ransomware follow-up check the BayLDA has developed various Test documents prepared, including Cover letter, Answer sheets, Handouts and Infoblsheets. These documents should enable companies to make structured preparations and summarize the relevant information clearly.
The Deadlines for the processing and return of the Answer sheets are tight. As a rule, companies only have four weeks to answer the detailed questions and attach the required documents.
"Thorough preparation for the Ransomware follow-up check is essential in order to be able to Deadlines to be able to comply," emphasizes data protection expert Max Mustermann.
The BayLDA provides companies with helpful Handouts which explain the legal requirements and contain practical examples. In addition InfoblThe company also offers checklists and safety recommendations.
| Document | Purpose | Scope |
|---|---|---|
| Cover letter | Informed about the reason for and course of the examination | 2 pages |
| Answer sheet | Includes questionnaire for answering | 15 pages |
| Handout | Explains legal requirements and practical examples | 20 pages |
| Info sheets | Checklists and safety recommendations | 5 sheets |
Follow-up tests on other topics
The BayLDA is not only focusing on the ransomware follow-up audit, but is also planning to Follow-up tests on other topics relevant to data protection. Both Data protection law as well as cyberSecurity in focus.
Data protection requirements for tenant applications
From January 14 to February 28, 2022, the BayLDA will conduct an audit focusing on the data protection requirements for tenant applications. Real estate and property management companies are the focus of the Authority.
Securing e-mail accounts
Another prevention audit will start on May 18, 2022 and will focus on the protection of E-mail accounts. Banks, medium-sized companies and industrial enterprises are scrutinized to identify potential weaknesses in terms of security and Data recovery to identify.
Through these targeted Follow-up tests BayLDA would like to raise companies' awareness of current challenges in the area of cyber security and contribute to strengthening data protection.
Focus on future audits
The Bavarian State Office for Data Protection Supervision (BayLDA) has ambitious plans for future auditsthat the Privacy in various areas. Two of these audits will be a particular focus in the near future:
DPIA threshold check for high-risk processing operations
From November 21, 2023 to February 2024, the BayLDA will conduct a DSFA threshold check for data-driven and innovative companies. The aim is to determine the correct way to carry out a Privacy-Impact assessment (DPIA) for High-risk processing of personal data. This review is intended to ensure that companies fulfill their responsibilities and comply with the Data protection requirements for high-risk processing operations.
Data protection requirements on websites and apps
At the same time, the BayLDA is planning an audit from December 22, 2023 to May 22, 2024 to ensure compliance with the data protection requirements for Websites and in Apps. Operators of such offerings must comply with data protection regulations, particularly with regard to vulnerability management and Emergency planningconscientiously. The audit is intended to show where there is potential for improvement and how website operators can better protect users' data protection rights.
| Examination | Period | Focus |
|---|---|---|
| DSFA threshold check | 21.11.2023 - Feb 2024 | Correct provision for DPIA implementation for High-risk processing |
| Data protection requirements on Websites and Apps | 22.12.2023 – 22.05.2024 | Compliance with data protection regulations for online offers |
With these announced audits, the BayLDA is continuing its efforts to promote compliance with data protection in Bavaria and to protect the rights of citizens.
Ransomware follow-up: detailed queries from the authority
The Bavarian State Office for Data Protection Supervision (BayLDA) has asked detailed questions about the review of the System landscapethe Patch managementthe Backup concept and the Data traffic monitoring included in the list of questions for the ransomware follow-up audit. In addition, the Authority Insights into the Awareness, Authorizations and Data protection organization of the audited companies.
System landscape and patch management
In the area System landscape 29 questions are asked to get a complete picture of the IT-infrastructure. This includes questions about operating systems, servers, network components and peripheral devices. The Patch management is checked with 12 questions relating to the processes for the prompt installation of security updates. An efficient Vulnerability management is essential for the Ransomware protection.
Backup concept and data traffic monitoring
The Backup concept is checked with 6 questions relating to aspects such as backup cycles, encryption and physical separation of backups. A further 4 questions deal with the Data traffic monitoringto detect unwanted or suspicious activities in the network at an early stage.
Awareness, authorizations and data protection organization
The Detailed queries also include topics such as Awareness and Authorizations one. 7 questions are used to check the extent to which employees are sensitized to cyber risks and whether a restrictive Authorization concept was implemented. Finally, 5 questions on the Data protection organization such as the appointment of a data protection officer and the implementation of Privacy-impact assessments.
Security incidents and required reports
As part of the ransomware follow-up check, BayLDA collects detailed information about Security incidents in the audited companies. The companies must provide information on various Risk levels including whether incidents posed a risk to those affected, whether there was a high or low risk or whether there was no risk at all. Incidents at processors must also be reported.
Extensive reporting obligation
In addition to the statistical data, in the event of a reported ransomware attack, the BayLDA requests both the Final report and, if applicable, the complete forensic report. These documents provide information about the course of the incident, the countermeasures taken to Data recovery and the subsequent steps to improve cyber security and ransomware protection.
Transparency and lessons learned
By providing detailed information on security incidents and submitting incident reports, the BayLDA creates greater transparency with regard to the threat situation posed by Ransomware attacks. At the same time, valuable lessons can be learned from the experiences of the companies concerned and passed on to other companies in order to improve the general quality of life. Cyber resilience to strengthen.
Ransom prevention: earlier testing in 2021
In November 2021, the Bavarian State Office for Data Protection Supervision (BayLDA) conducted a Testing without cause to the Ransom prevention through. The aim of this audit was to Cyber security and the Ransomware protection in randomly selected companies and organizations. As part of this Audit 2021 the BayLDA issued a Checklist with sensible measures to improve the Emergency planning and strengthening the Ransom prevention ready.
The Checklist contained various points that companies should consider when analyzing and optimizing their Cyber security should be supported. This included measures such as regular backups, patch management, user authorizations and Awareness-training courses for employees. The BayLDA recommended that the participants Ransom prevention measures carefully and implement them in their companies.
Recommended action: Regular TOM check
Regardless of whether a company has received a letter from the supervisory authority or not, it is extremely important to regularly review the current technical and organizational measures (TOM) and update them if necessary. Such a TOM check should take the form of a meeting between the Managementthe IT-department and the data protection officer.
Close cooperation for effective vulnerability management
This committee provides the ideal framework for tackling the topic of cyber security holistically. While the IT-department via Technical measures like Patch managementThe data protection officer is responsible for the organizational area. This includes, for example, training to raise employee awareness, a clear allocation of responsibilities and internal audits to review recommendations for action.
Continuous improvement of the level of protection
Those responsible should meet at regular intervals to jointly assess the current status of security measures. The aim is to identify possible weaknesses or potential for improvement and take appropriate steps. Only through close cooperation between all those involved can sustainable protection against cyber threats such as ransomware be guaranteed.
"A regular check of technical and organizational measures is essential for effective security gap management and therefore for sustainable data protection."
Conclusion
The BayLDA's ransomware follow-up audit is an important step in ensuring the Cyber resilience of the companies concerned and to raise their awareness of the issue of data protection. The detailed queries on technical and organizational measures such as system landscapes, Patch managementbackup concepts and Authorizations can use the Authority assess the current status of ransomware defense measures and make targeted recommendations for improvements.
In addition, the audit serves as a wake-up call for all companies to recognize the importance of cyber security and Emergency planning should not be underestimated. A regular check of the implemented security measures is essential to ensure the Cyber resilience and to guarantee data protection in the long term. This is the only way for companies to counter the growing threats posed by Ransomware attacks and protect yourself against costly data loss or blackmail.
With its ransomware follow-up audit, the BayLDA has made an important contribution to strengthening cyber resilience and data protection in Bavaria. Companies should use this opportunity to review and optimize their security measures, because Ransomware protection is essential in today's digitalized world.
English 
Deutsch 
Español 
Français 
Polski