KSV1870 – Austrias leading Creditor Protection Association

The Kreditschutzverband von 1870 is an economically and politically independent creditor protection association in Austria. It represents the interests of more than 30,000 voluntary members. The aim is to protect business owners from financial damage and to promote their liquidity.

KSV1870 sees itself as a leading business platform that minimises the economic risks of its clients through its solutions and thus contributes significantly to their business success. It maintains Austria’s most important business database with around 640,000 companies and 7.5 million personal data. With credit reports, customers keep the default risks of their business partners (companies and consumers) under control.

According to a current CyberRisk Report by KSV1870 Nimbusec GmbH, in which KSV1870 holds the majority rights, three out of ten local companies are unable to detect IT security incidents reliably. Inadequately maintained content management systems (CMS) are the gateway for hackers in a large number of cases. To be able to assess its business partner’s it-security level, KSV1870 has created two services for companies. From now on, every credit report contains the WebRisk Indicator, which classifies the publicly visible cyber risk of company websites. Those who want a more in-depth analysis can order a CyberRisk Rating.

Comprehensive measures to protect particularly sensitive data

The IT operation of KSV1870 currently consists of nine employees. A large, globally active partner supports the operational area. “In our day-to-day business, we take care of our own application environments as well as classic tasks such as user management or network administration”, Thomas Hämmerle, CISO at KSV1870, explains the tasks of the department in day-to-day business.

Creditworthiness data of companies and individuals are considered particularly worthy of protection. Creating awareness for the detection of anomalies in the network and along the supply chain is crucial for the reputation of KSV1870. For this purpose, there are daily status checks and constant security monitoring activities in order to be able to quickly recognise anomalies and initiate measures.

Additionally, internal and external pentests help to minimize attack potentials and detect malware like ransomware. Regular training for all employees, information on the intranet and mailings in cases of cause serve to keep the own team as well as stakeholders up to date and to comply with applicable standards as ISO 27001.

24/7 Incident Response with IKARUS/Mandiant

Cyber security incidents can affect any company or organisation. It is crucial to react both quickly and correctly. Quick reactions, analyses and system clean up reduce the impact on the company and ultimately on its reputation. For this and strategic reasons, KSV1870 has decided to search for an appropriate incident response partner in 2020.

“When making the selection decision, it was particularly important for us to find a partner who is ideally located in geographical proximity, has many years of expert know-how and has a globally active partner in the backend. After extensive evaluation, the decision was finally made in favour of XY”, says Thomas Hämmerle.

A particularly positive feature is that the hour pool can be “pulled along” if it is not used up, and can also be used for security topics.

„The cooperation during the first meetings on topics such as awareness, customising, technical tests and documentation in the event of an incident was very satisfactory”, Thomas Hämmerle sums up his experience with IKARUS.

The next step is to start involving all external partners.

Sophisticated Security Monitoring as the key to a secure IT future

In the future, KSV1870 will further intensify its security monitoring, thus its steady surveillance of the security of its IT systems including the whole supply chain. Within the framework of these SIEM (Security Information and Event Management) activities, “we would like to particularly emphasise email security, which still represents the gateway for many attacks”, says Hämmerle.