Although simple steps can increase security, only 64,5 percent of German companies implement password guidelines, 58,0 percent create backups and 54,0 percent use multi-factor authentication.
According to the TÜV association, decision-makers in every ninth financial organization had to complain about a security incident last year; Furthermore, according to Bitkom, damage totaling around 203 billion euros was caused by cyber attacks on German companies. Decision-makers should therefore be clear that a preventive and sustainable cybersecurity strategy is a "must" for sustainable cyber protection. However, the status quo of security measures at some companies in Germany is sobering, as the current Kaspersky study "Incident Response for Prevention" shows.
Password guidelines, backups, employee training - none
As the Kaspersky survey found, many companies lack basic security measures: Password guidelines (64,5 percent), backup creation (58,0 percent) or multi-factor authentication (54,0 percent) have been implemented to date used by too few companies. These are basic measures that, together with a dedicated cyber security solution, provide basic protection against attacks.
Furthermore, 37,0 percent of companies in Germany do not regularly train their employees on topics such as spam or phishing - the classic gateways for cyber criminals to gain access data. The crux of the matter: the times of badly written spam and phishing mails full of spelling mistakes are long gone. Today they can hardly be distinguished from real news.
Anti-Phishing Software and Patch Management Policy? Not necessary
However, just over half (54,5 percent) of companies use anti-phishing software to protect against it. In addition, only one in three companies (35,5 percent) currently has a patch management policy. Security gaps in applications and operating systems are among the most common attack vectors in companies.
“Patching is always a challenge. On the one hand, security gaps can be patched relatively easily, on the other hand, the process is usually a bit more complicated than you think,” says Kai Schuricht, Lead Incident Response Specialist at Kaspersky, on the lack of patch management in companies. “When companies decide to update their systems, it takes time. Because these must first be tested, approved and then distributed. This takes time and of course increases the time window in which the systems are vulnerable. The time window for successful attacks is also extended. A well thought-out and therefore efficient patch management can provide support here and simultaneously take into account the different requirements of, for example, IT security and production.”
To the study:
The survey was conducted by Arlington Research on behalf of Kaspersky in June 2023. A total of 200 IT decision-makers in Germany, 50 in Austria and 50 in Switzerland were surveyed on the subject of incident response and cyber security.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/