How bakeries can protect themselves against cyberattacks

By Marc Dönges, Project Manager, Cybersecurity Transfer Center for Small and Medium-Sized Enterprises

Cybercrime is on the rise. Small and medium-sized businesses are feeling the impact as well. Hacker attacks, sabotage, and data espionage are becoming increasingly common and are targeting the baking industry.

Bakeries and suppliers must secure their business processes. Only businesses that make cybersecurity a core part of their operations are prepared for emergencies. But where should one start, and which measures are truly effective?

“An IT contingency plan is a measure that not only makes sense for bakeries but also saves valuable time and resources in an emergency.”

Marc Dönges, Cybersecurity Transfer Center for Small and Medium-Sized Enterprises

Bakery branches targeted

Cyberattacks on bakeries most recently came to light in July 2025, though not for the first time. Several branches of a bakery in Lower Saxony were targeted by hackers. Pro-Iranian messages appeared on the screens in the sections normally used to display prices. The cybercriminals had hacked into the systems via a central server and thus taken control of the screens. The branches issued statements regarding the political messages and distanced themselves from hacktivism.

The Schäfers bakery chain was among the businesses targeted by hackers. In September 2024, cybercriminals gained access to the company’s IT systems and encrypted the data. The perpetrators also claimed to be in possession of certain data. Schäfers was able to refute this claim. However, the systems had to be restored using existing backups and with the help of specialists.

In such cases, the hackers significantly disrupted and interfered with the companies’ operations. Studies confirm these consequences. Among other aspects, the cyber study conducted by the insurer HDI shows that, following a cyberattack, access to data and systems is not restored until 4.2 days later. For small businesses, the average is as high as 5.5 days. These are days when bills cannot be paid, production comes to a halt, and inquiries from customers and partners go unanswered. For some companies, such a situation can quickly become a threat to their very existence.

Understanding and actively implementing protective measures

To ensure that a business is as well protected as possible in a data breach emergency, protective measures should be integrated into business processes. These include:

1) Secure passwords: To ensure that access and data are protected, merchants should use not only strong passwords (including special characters, sufficient length, and complexity) but also two-factor authentication. This provides an extra layer of security for certain processes, particularly sensitive ones. Two-factor authentication is an additional login method used in conjunction with a regular password, such as an SMS code, an authentication app, or a biometric factor.

2) Consistent data backup: When it comes to backup, it is important to implement a comprehensive and, above all, continuous strategy. Data must be backed up, verified, and updated on a regular basis. This is the only way to ensure that data can be restored following a cyberattack. It is also recommended that you keep at least two physical copies and one in the cloud.

3) Raising employee awareness: To make cybersecurity a priority throughout the organization, it is important to get employees on board through training and open communication. Employees should be proactively informed about current developments, attack methods, and incidents so that human error can be prevented as much as possible.

Emergency planning: the checklist for a cyberattack

Another measure that is not only sensible for bakeries but also saves valuable time and resources in case of a safety breach is an IT emergency plan. This action plan establishes the most important information and processes that must be implemented in the event of a cyberattack, including:
+ Who in the team is responsible for which tasks and fulfills which role?
+ How are employees, customers, partners, and reporting agencies notified about the security incident?
+ What emergency contacts are available?

It is important that the plan be as comprehensive as possible and regularly reviewed to ensure it remains up to date. In addition, the individuals assigned specific roles in the emergency plan must be fully informed of their responsibilities. They must be professionally trained so that their actions will have a positive impact in the event of an emergency. As with backups, the IT emergency plan should also be stored in multiple copies, both digitally and in hard copy.

I’ve been hacked! Or have I?

Cybercrime takes many forms. With the use of Artificial Intelligence, attacks are becoming increasingly diverse and, above all, more sophisticated. The encryption of operating systems – and, in many cases, the accompanying ransom demands – fall under the category of so-called ransomware attacks. It is important not to blindly give in to these ransom demands. This is because making a payment does not guarantee that the data will be released. Instead, companies should notify the police and work with IT specialists or IT service providers to reconfigure their systems.

Phishing attacks

Another common attack method is what’s known as a phishing attack. Cybercriminals use fake emails, websites, or messages to obtain sensitive information. With the help of AI, phishing messages are becoming more personalized and are virtually indistinguishable from the originals.

The senders of emails or attachments, such as invoices, should be carefully checked before opening or replying, and even the smallest details should be examined.

In the event of an emergency

When an incident occurs, regardless of how it arises, the most important thing is to remain calm and act deliberately. The aforementioned IT emergency plan serves as a solid guide for implementing measures step by step. This includes, among other things, identifying infected devices and isolating affected systems. In addition, organizations should document every step and all changes with screenshots to maintain a clear overview of the situation.

The documentation also helps service providers, forensic experts, insurance companies, and law enforcement agencies investigate the security incident. In the event of a data breach, it is important to report the attack within 72 hours.

Cybersecurity Transfer Center for Small and Medium-Sized Enterprises

The Cybersecurity Transfer Center for Small and Medium-Sized Enterprises is a project funded by Germany’s Federal Ministry for Economic Affairs and Energy. It was established to improve the cybersecurity standards of small and medium-sized enterprises, craft businesses, and startups nationwide through free services.

With this objective in mind, the CYBERsicher Notfallhilfe platform was developed, among other initiatives. On the platform, users can determine whether their incident actually constitutes an IT emergency and receive free recommendations for action and an overview of the appropriate points of contact. They also have the option to submit a free request for assistance. With just a few clicks, users can activate the platform’s nationwide network of service providers. They will then receive a response from available service providers, including a clear overview of services, costs, and more. For more information and a checklist for emergencies, visit: www.transferstelle-cybersicherheit.de/notfall.

The platform is not funded by service providers and it is free to use. Costs are incurred only when users decide to accept a service provider’s offer. The transfer office does not receive any money for facilitating the connection.

Through numerous events nationwide, the CYBER secure Check (a user-friendly cybersecurity assessment tool), and the CYBER secure emergency assistance program, the organization helps raise the level of cybersecurity in Germany’s SMEs.

The project partners:
+ The German Association for Small and Medium-Sized Businesses (BVMW e.V.) is taking over the consortium management of the project.
+ The team at the FZI Research Center for Information Technology Karlsruhe focuses primarily on the area of detection and response to cyberattacks.
+ The team at the Institute for Vocational Education and Adult Education at Leibniz University Hannover is responsible for quality assurance of learning opportunities.

Taking cybersecurity seriously

It is clear that cyberattacks cannot be resolved with just a few clicks. Companies and organizations of all sizes should take cybersecurity seriously and consistently implement protective measures. It is crucial that the entire organization and all departments are made aware of cyber risks and involved in specific measures. After all, the question is no longer whether a cyberattack will occur – but rather, when.

Author contact
[email protected]
Phone: +49 (30) 533 206-28
