The walls are virtual, the risks real. EOS is improving its data security using “penetration tests”, where hackers attack the company under real-life conditions.
If you talk to Gunnar Woitack about how companies like the EOS Group protect themselves from hacker attacks, then sooner or later the topic of the Brothers Grimm comes up. “It’s like a race between the hare and the hedgehog,” says the IT security expert. “We put up fences to keep attackers out and the hackers constantly develop new techniques for breaking them down.”
Since January 2015, Gunnar Woitack has been in charge of IT security across the EOS Group. As Chief Information Security Officer (CISO) at EOS Technology Solutions, he is something like the “keeper of the crown jewels” for the entire Group. Whereas companies like VW, for example, never let their vehicle technology patents out of their sight, the most valuable assets at EOS include above all the data of defaulting payers.
In addition – like virtually all companies – EOS stores data about its customers and other stakeholders on its servers. For EOS, handling this information responsibly in-house, and protecting it from attacks and misuse from outside, are top priorities. After all, this security is the basis for the trust placed in EOS.
Hacker attack provides information on IT security.
To ensure the greatest possible degree of data security at the more than 60 EOS companies in 26 countries, Woitack regularly engages professionals – specialised hackers who scan the virtual walls of EOS for security loopholes. This year too, these “white hat” hackers – as they are known – will carry out what is known as a black box penetration test. In the process, the external partner receives several hundred EOS IP addresses. “This kind of test takes several hours,” Woitack says. “And a lot of it is automated.”
There is no such thing as 100% security for companies.
In addition, EOS also periodically arranges for what are known as grey and white box tests. These cyber-attacks “let more light into the box”, i.e. the hackers also receive access data and/or the source code of web applications. To use the analogy of the hacker as a burglar, they either get the key to the house or even the room layouts and alarm system details. Despite these very thorough penetration tests, EOS is nevertheless not lulled into a false sense of security, stresses Woitack. Because ultimately, nobody is completely protected from an attack.
There is no 100% security. Even the CIA and FBI get hacked.
Gunnar Woitack, Chief Information Security Officer (CISO) at EOS.
Hacker attack shows that the error rate is going down.
Overall, the internet-facing EOS systems have become more and more secure over the years. The error rate in the penetration tests is declining, and awareness of data security among the workforce is constantly increasing, Woitack says. “The recurring tests steer the focus in the right direction.”
And there’s one thing that the IT security expert is sure of: even in ten years, simulated hacker attacks will still be an effective means of exposing vulnerabilities in a company’s IT security. Because the race between the hare and the hedgehog continues. “But we are working very hard on dealing with it,” says Woitack. “We take the risks very seriously and naturally are also investing a lot of money in security.”
Are you mystified by black box, grey box and white box? For an introduction to the topic of cyber-security, Gunnar Woitack recommends this article.
Photo Credits: Sebastian Vollmert / EOS, Hack Capital / Unsplash