German companies as collateral damage in cyber war? Bitdefender study: 62% of German companies have a strategy that is supposed to protect against cyber warfare.
Is cyber war a danger for German companies? Obviously yes, as a recent survey among IT security specialists shows. The fact that many companies around the world feel threatened by increasing cyber warfare is one of the central results of the global study "10 in 10" by Bitdefender. After the global values were published, Bitdefender also took a close look at the 513 German answers. Here are the most important results:
- Almost half (48%) agree, "Cyberwarfare cases will increase in the next 12 months and this will have a negative impact on the economy." One fifth (20%) disagree.
- Almost two-thirds (63%) believe that cyber warfare between states poses a threat to their organization. A quarter (25%) disagree.
- 62% say their organization has a specific strategy to protect them against cyber warfare. 27% say no.
- According to the respondents, the best ways to combat cyberwarfare as a company are
- a better understanding of the threat landscape (41%)
- additional investment in cybersecurity protection by both government and the private sector (37%)
- more collaboration between public and private sector organizations on cybersecurity (28%)
- What would be the most critical consequence if one's own company were to become a target for cyber warfare? This is where the respondents name most frequently
- Loss of customer information (39%)
- Business interruptions (33%)
- Loss of personal information from employees (31%)
- Loss of intellectual property (31%)
What does this data mean? The term cyberwarfare is usually interpreted as "the use of technology to attack a nation that causes damage comparable to actual warfare" (cf. https://en.wikipedia.org/wiki/Cyberwarfare). A cyber attack can have physical consequences, as Stuxnet first demonstrated to the world - malware that sabotaged the Iranian nuclear program. There have also been recent incidents where cyberwarfare has been used to explain attacks on power grids in the United States, Russia, and Ukraine.
Three reasons for the private sector to take cyberwar seriously
So far, governments and operators of critical infrastructures have usually been concerned about cyber warfare. There could be three reasons why large parts of the private sector in a country like Germany are now also viewing cyber warfare as a problem.
First, the trend that governments are less reluctant to attribute cyber attacks on public or private infrastructures to certain countries and to publicly pillory them. The USA, Great Britain, Australia and also Germany have pointed the finger at Russian or Chinese hackers who are said to have interfered in their infrastructures or carried out cyber attacks on their territory.
Secondly there is also an indirect danger for German companies if the state-built or supported APT hackers use their skills and knowledge for industrial espionage and sabotage. We encounter this form of APT mercenary more and more frequently and leave serious damage to companies, especially in an innovative and export-oriented country like Germany.
thirdly There is a great risk that organizations end up collateral damage from sophisticated malware that, while intended to compromise critical infrastructure, can also be used against other systems. The best-known example in this context is the EternalBlue vulnerability discovered by the NSA. This knowledge was stolen by a group of hackers and then used to infect hundreds of thousands of systems around the world with ransomware.
Few German companies are prepared in an international comparison
This is what security experts have in mind when they say the rise in cyber warfare is a threat to their organization. It is not all about fear of direct attack by other states on themselves. It is about military-grade cyber weapons causing collateral damage or being stolen and used against the private sector. And it's about the risk posed by cybercriminal mercenaries who also use military means for private business purposes.
It is positive that 62% of German security specialists say that their organization already has a strategy to protect them against this type of damage - even if this figure is around 70% in Anglo-Saxon countries, Spain and Denmark. is already significantly higher. In the next two years, almost all companies will have cyberwarfare included in their threat models to prepare for themselves.
[starboxid=18]