Interview with Andreas Mihm, Director Cloud Solution Architecture at diva-e
Andreas has been involved in building digital business models for 25 years and is an experienced expert in cybersecurity solutions. He leads the Application Security Team at diva-e and is responsible for developing and implementing security strategies for digital platforms and cloud technologies. In both cloud consulting and strategic cybersecurity, he stays at the forefront of new trends and challenges to provide innovative and effective security solutions. In this blog article, he answers questions about current threats, the role of AI, and effective measures.
What are the biggest current threats for digitally operating companies?
"Today, economic success relies heavily on digital connectivity with business partners. The downside? More interfaces mean larger potential attack surfaces for cybercriminals. As a result, the online threat landscape is constantly expanding, affecting various business areas and tools.
One growing trend is phishing attacks targeting SaaS business applications to steal login credentials. These attacks often appear as legitimate internal messages, such as emails supposedly from the IT department, designed to trick employees into revealing their passwords. Once cybercriminals gain access, the consequences can be severe: data breaches, financial losses, or even operational shutdowns."
How has the threat landscape evolved in recent years?
"Cybercrime has become more professionalized than ever. Attackers are increasingly using a business model called 'Cybercrime-as-a-Service,' where they no longer need to develop ransomware, hacking tools, or phishing kits themselves—they can simply rent or buy them, just like regular software. This makes advanced attack techniques more accessible, allowing even less tech-savvy individuals to carry out cyberattacks.
At the same time, cloud technologies bring new security challenges. While modern cloud platforms offer strong protective measures, attackers are well aware of their vulnerabilities. They exploit misconfigurations, insecure APIs, and weak access controls to gain unauthorized access. That's why companies can't just rely on their cloud provider's default security settings; they must actively integrate cloud security tools into their overall defense strategy to stay ahead of increasingly sophisticated threats."
Which industries are particularly at risk?
"Critical infrastructures such as energy providers, healthcare institutions, and government agencies are particularly at risk. However, manufacturing companies are also frequently targeted by cybercriminals. Attackers often use so-called extortion ransomware, encrypting critical data and demanding ransom for its release.
For example, if the internal network of a mechanical engineering company is compromised by ransomware and on-premises applications, such as in-house ERP systems, are encrypted and rendered inoperable, this can quickly lead to a worst-case scenario: a complete production shutdown, resulting in massive financial losses and delivery delays."
What role does artificial intelligence play in cybersecurity?
"AI plays a major role on both the attacker and defender sides. Cybercriminals use AI to make their attacks more targeted and effective. For example, they generate highly convincing phishing emails tailored to individual recipients. AI can also automatically detect vulnerabilities in IT systems, making attacks easier to execute.
On the other hand, AI helps enhance cybersecurity. AI-driven security systems analyze network traffic and detect unusual patterns that may indicate an attack. This enables the rapid identification of suspicious activities and allows threats to be stopped before they cause damage."
Besides phishing and ransomware, are there other common attack methods?
"A great reference for both known and emerging risks is the OWASP Top 10, which highlights the most common security vulnerabilities in web applications. Currently, these include:
Injections and Remote Code Execution (RCE): In a code injection attack, attackers insert malicious code into an application to manipulate or alter its behavior. This harmful code can be used to steal sensitive data, crash the application, or take control of the server.
Broken Access Control: This occurs when attackers can bypass or exploit an application’s access control mechanisms. As a result, unauthorized users may gain access to sensitive functions or data that should be protected. Many well-known data breaches have been caused by broken access control.
Drive-by Attacks: These automated attacks exploit knowledge of cloud environments. Attackers often use scripts or bots that continuously scan for known vulnerabilities in exposed or misconfigured cloud services. Once a weakness is found, it is immediately exploited to gain unauthorized access. These attacks are particularly dangerous because they often go undetected.
One key takeaway for any security strategy: Stay agile! The focus and tactics of cybercriminals can shift at any time; ensure that your organization can respond quickly."
What concrete measures should companies take in terms of cybersecurity?
"Short-term: Companies should first conduct a comprehensive security analysis to identify the most critical vulnerabilities. This includes security audits and threat assessments to determine where criminals might attempt to gain access.
Mid-term: The identified risks should be prioritized, and the most significant vulnerabilities addressed quickly. This helps close potential entry points for cybercriminals before they can be exploited.
Training and awareness programs are essential to ensure employees adopt a security-conscious mindset. Phishing simulations help staff recognize suspicious emails and prevent fraud attempts early on. In our experience, after just a few of these training sessions, employees develop a strong instinct for identifying threats and quickly learn which emails they should avoid clicking on.
In order to permanently counter the growing risks of cybersecurity and the constant change and improvement of attackers, it is necessary to set up a Security Operations Center or to commission a service provider to operate such a SOC. By outsourcing these services, even small and medium-sized companies can afford the highest level of security."
Is absolute cybersecurity achievable, or is it just a utopia?
"Absolute security does not exist – that would be an illusion. Social engineering, in particular, the targeted manipulation of people, cannot be prevented by technology alone. However, what companies can do is build a robust security strategy: create transparency, monitor threats, and react flexibly. An important principle: Cybersecurity is a team sport – it only works when all departments collaborate."