SMBs do not want to work with cyber attack victims

50 percent of SMEs and 64 percent of large companies in Germany would never work with a company that had previously suffered a cyber attack. Certified security measures are desired, but not checked.

As a Kaspersky survey shows, 50 percent of SMEs and 64 percent of large companies in Germany do not want to work with other companies that have already been the victim of a cyber attack. It is therefore important for more than three quarters (84.1 percent) of all companies that (potential) partners have implemented certified security measures to protect themselves against cyber attacks. These results come from a recent Kaspersky survey among decision-makers in Germany.

IT security plays an important role

Companies operate with suppliers, service providers and partners in a shared ecosystem. For 66 percent of small and medium-sized companies and 72 percent of large companies in Germany, the IT security of their suppliers and partners therefore plays an important role in their own business continuity.

The latest Kaspersky survey shows that 50 percent of SMBs and 64 percent of large companies would never work with a company that has experienced a cyber incident before. It is therefore important for them (78 percent of SMEs and 86 percent of large companies) that (potential) partners have implemented certified security measures. Key requirements include compliance with ISO 27001 or a passed SOC2 audit, which confirms that a company's security controls are in compliance with the AICPA (American Institute of Certified Public Accountants) Trust Services Criteria (TSC).

Many trust without further control

However, there seems to be a lot of trust in (potential) partners, because most companies do not check these certifications but simply assume that they exist. Only 60 percent of small and medium-sized and 79 percent of large companies include such clauses directly in new contracts.

"The protection of data and one's own systems is of great importance when working with other companies," says Waldemar Bergstreiser, Head of B2B Germany at Kaspersky. "After all, more than half of companies would not work with a company that has had a cyber incident before. Conversely, for companies in Germany, this means that they urgently need to protect their assets and networks so that they don't lose any orders."

Kaspersky recommendations for protecting against supply chain cyberattacks

  • A detailed list of all suppliers and partners gives companies information about who has access to company-internal data and the IT infrastructure and helps to reduce potential risks.
  • Businesses should back up their data regularly to have access in the event of an attack.
  • All servers, workstations, smartphones, tablets and other devices used in different parts of the supply chain should be protected with a robust security solution such as Kaspersky Endpoint Detection and Response.
  • Evaluating partners' security measures as part of a comprehensive audit can show which areas and interfaces require further protective measures.
  • If security weaknesses are identified in the supply chain, appropriate measures to protect the affected areas should be taken and implemented. Services like Kaspersky Managed Detection and Response remedy this.
  • In the event of a successful supply chain attack, the damage caused should be determined. Services like Kaspersky Incident Response help prevent the attack from spreading and eliminate it.
  • Provide SOC teams with access to the latest threat intelligence, so they stay current on threat actors' tools, techniques and tactics.
  • When working with partners, make sure that they have implemented certified security measures. Some of the most important include conformance to ISO 27001 or a passed SOC2 audit, which confirms that a company's security controls comply with the Trust Services Criteria (TSC) of the AICPA (American Institute of Certified Public Accountants). At the beginning of 2022, Kaspersky renewed its certification to ISO 27001:2013, the internationally recognized security standard, issued by the independent certification body TÜV AUSTRIA. Furthermore, the cybersecurity provider successfully recertified to SOC 2 for the second time in May 2022.

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
