Although 51 percent of large and medium-sized companies were affected by a cyber attack in the past 12 months, 13 percent attach less importance to cyber security. Also bad: Only half of the companies have backups.
59 percent of large and 26 percent of medium-sized companies in Germany were increasingly confronted with cyber attacks in the past twelve months. At the same time, 22 percent of SMBs gave cybersecurity a lower priority, as did a tenth (9.7 percent) of large companies. These results come from a recent Kaspersky study presented at it-sa in Nuremberg.
Every second company suffers an attack
Successful cyberattacks on supply chains have repeatedly shown how vulnerable they are to cyber threats. The attacks usually start with the weakest link. If one company in the supply chain is insufficiently protected, this can affect all other partners. Kaspersky's latest supply chain survey of decision-makers in Germany shows that, despite increasing cyber attacks, cybersecurity is a low priority for around a quarter (22 percent) of SMBs and around one in ten large companies.
Security: Low priority despite increasing attacks
How little importance decision-makers attach to cyber security in the supply chain is also shown by the fact that it is often not integrated into supply chain risk management: less than a third of medium-sized companies (32.0 percent) and a little more than half of large companies (56.6 percent) do so. However, companies of all sizes should react urgently to the increasing threat situation in order to protect their suppliers, customers and above all themselves.
"A successful attack - whether on your own or a partner company - can have devastating consequences for the supply chain and affect far more than just one company," comments Waldemar Bergstreiser, Head of B2B Germany at Kaspersky. “It's concerning that despite increasing threats, organizations of all sizes are declining to prioritize cybersecurity. Decision makers urgently need to rethink their cybersecurity strategy.”
Trust is good - control would be better
To protect against cyber threats, 46 percent of SMEs and almost three quarters (73.1 percent) of large companies currently rely on threat intelligence as a security measure - and some expect the same from their partner companies (54 percent of SMEs and 72.4 percent of large companies). However, companies in Germany seem to place great trust in their partners so far. According to the Kaspersky survey, too few companies are sure that they monitor all interfaces: only around three quarters of both the small (74 percent) and the large (75.9 percent) companies are convinced that they adequately monitor all interfaces and accesses from partners. The rest seem to trust that their partners are sound without really knowing it.
Only half have backups
Overly lax cyber security measures are also a problem because by no means all companies rely on backups that would keep data accessible in the event of an attack. In Germany, only half (50 percent) of IT decision-makers in medium-sized companies and 46.2 percent of those in large companies are convinced that backups are available in their company.
Recommendations for protecting against supply chain cyberattacks
- A detailed list of all suppliers and partners gives companies information about who has access to company-internal data and the IT infrastructure and helps to reduce potential risks.
- Businesses should back up their data regularly to have access in the event of an attack.
- All servers, workstations, smartphones, tablets and other devices used in different parts of the supply chain should be protected with a robust security solution such as Kaspersky Endpoint Detection and Response.
- Evaluating partners' security measures through a comprehensive audit can show which areas and interfaces require further protective measures.
- If security weaknesses are identified in the supply chain, appropriate measures to protect the affected areas should be taken and implemented. Services like Kaspersky Managed Detection and Response remedy this.
- In the event of a successful supply chain attack, the damage caused should be determined. Services like Kaspersky Incident Response help prevent the attack from spreading and eliminate it.
- Giving SOC teams access to the latest threat insights through threat intelligence enables them to stay current on threat actor tools, techniques, and tactics.
- When working with partners, make sure that they have implemented certified security measures. Some of the most important include compliance with ISO 27001, or a passed SOC 2 audit, which confirms that a company's security controls are in line with the Trust Services Criteria (TSC) of the AICPA (American Institute of Certified Public Accountants). Kaspersky, for example, had its ISO 27001:2013 certification, the internationally recognized security standard, issued by the independent certification body TÜV AUSTRIA at the beginning of 2022. In addition, in May 2022 the cyber security provider was successfully recertified for SOC 2 for the second time.
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/