According to a study of German cybersecurity and IT leaders, security teams are so busy defending against cyberattacks that they no longer have resources for preventive cyber defense.
Tenable® today highlighted that 44% of cyberattacks suffered by German companies in the past two years were successful. Security teams are therefore forced to focus their working hours and measures on reactive containment of cyberattacks instead of preventing them in advance. Since less than half (48%) of German companies are convinced that they can successfully reduce their own risk exposure with the help of their cybersecurity procedures, there is obviously a need for action. These results are based on a study of 102 German cybersecurity and IT executives conducted by Forrester Consulting in 2023 on behalf of Tenable.
Too little time and resources for defensive measures
The study made it clear that the time factor does not play into the hands of security teams. Nearly three-quarters of respondents (73%) believe their organization would be more successful in defending against cyberattacks if it devoted more resources to preventive cybersecurity. But half of respondents (50%) say the cybersecurity team is too busy responding to critical incidents to take a preventative approach to reducing the company's exposure.
Cloud computing puts cybersecurity at risk
Respondents were particularly concerned about risks associated with cloud infrastructure, where the correlation of user and system identities, access and authorization data is extremely complex. Germany was identified as one of the fastest-growing countries in Europe in the use of cloud computing, which is also reflected in the study: seven out of ten companies (77%) state that they use multi-cloud and/or hybrid cloud environments. Still, 60% of respondents cite cloud infrastructure as one of the areas most at risk of cyberattacks in their organization. In order, the greatest perceived risks arise from the use of multi-cloud and/or hybrid cloud infrastructure (24%), public cloud infrastructure (22%) and private cloud infrastructure (15%).
Complex and too many tools increase cyber risk
Cyber experts say a reactive posture is largely due to their teams' difficulty getting an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code vulnerabilities and user permission systems. The complexity of infrastructure - and the associated dependency on multiple cloud systems, numerous tools for managing identities and permissions, and various assets with internet connections - means that misconfigurations and overlooked assets can occur in various places.
🔎 Teams struggle to get an accurate picture of their attack surface (Image: Tenable)
More than half of respondents (62%) say poor data hygiene prevents them from obtaining high-quality data from user and access management systems and vulnerability management systems. Most respondents (71%) say they consider user identities and access rights when prioritizing vulnerabilities for patching and remediation efforts. Yet 52% say their team lacks an effective way to incorporate such data into their preventative cybersecurity and exposure management practices.
Too little communication in the executive suites
A lack of communication at the highest levels complicates and exacerbates the cybersecurity problem in companies. While attackers continually scrutinize environments, meetings on business-critical systems occur monthly at best. Just over half of respondents (54%) say they meet with business leaders monthly to discuss which systems are business critical. However, 17% have such meetings only once a year and 2% do not have them at all.
206 billion euros from cyber attacks in 2023
“German companies have been rather reluctant to use cloud technology in the past. But this has changed drastically in recent years, as our study confirms. “As the attack surface becomes increasingly complex, something needs to change to stem the tide of successful attacks,” said Roger Scheer, Regional Vice President of Central Europe. “Security teams have realized that a preventive approach to security is far more effective than a reactive one. But they are overwhelmed by the sheer volume of cyberattacks that have to be dealt with for such a change in focus. The German digital association Bitkom recently announced that cybercrime will cost the German economy a total of €2023 billion in 206. Changes are necessary to stop the onslaught of successful cyberattacks.
Security leaders need to be involved earlier in high-level business decisions, such as cloud deployment strategies, so the team isn't caught off guard. Cross-functional collaboration combined with holistic transparency across the company's infrastructure is necessary to effectively and efficiently reduce any risks that arise and to prevent cyberattacks in advance."
More at Tenable.com
About Tenable Tenable is a Cyber Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.
One thought on "Germany: 44 percent of all cyber attacks successful"
Comments closed