SMBs do not want to work with cyber attack victims


50 percent of SMEs and 64 percent of large companies in Germany would never work with a company that had previously suffered a cyber attack. Certified security measures are desired, but not checked.

As a Kaspersky survey shows, 50 percent of SMEs and 64 percent of large companies in Germany do not want to work with other companies that have already been the victim of a cyber attack. It is therefore important for more than three quarters (84.1 percent) of all companies that (potential) partners have implemented certified security measures to protect themselves against cyber attacks. These results come from a recent Kaspersky survey among decision-makers in Germany.

IT security plays an important role

Companies operate alongside suppliers, service providers and partners in a shared ecosystem. For 66 percent of small and medium-sized companies and 72 percent of large companies in Germany, the IT security of their suppliers and partners therefore plays an important role in their own business continuity.

The latest Kaspersky survey shows that 50 percent of SMBs and 64 percent of large companies would never work with a company that has experienced a cyber incident before. It is therefore important for them (78 percent of SMEs and 86 percent of large companies) that (potential) partners have implemented certified security measures. Key requirements include compliance with ISO 27001 or a passed SOC2 audit, which confirms that a company's security controls are in compliance with the AICPA (American Institute of Certified Public Accountants) Trust Services Criteria (TSC).

Many trust without further control

However, companies appear to place a lot of trust in (potential) partners: most do not check these certifications, but simply assume that they exist. Only 60 percent of small and medium-sized and 79 percent of large companies include such clauses directly in new contracts.

"The protection of data and one's own systems is of great importance when working with other companies," says Waldemar Bergstreiser, Head of B2B Germany at Kaspersky. "After all, more than half of companies would not work with a company that has had a cyber incident before. Conversely, for companies in Germany, this means that they urgently need to protect their assets and networks so that they don't lose any orders."

Kaspersky recommendations for protecting against supply chain cyberattacks

  • A detailed list of all suppliers and partners gives companies information about who has access to company-internal data and the IT infrastructure and helps to reduce potential risks.
  • Businesses should back up their data regularly so that it remains accessible in the event of an attack.
  • All servers, workstations, smartphones, tablets and other devices used in different parts of the supply chain should be protected with a robust security solution such as Kaspersky Endpoint Detection and Response.
  • Evaluating partners' security measures as part of a comprehensive audit can indicate which areas and interfaces require further protective measures.
  • If security weaknesses are identified in the supply chain, appropriate measures to protect the affected areas should be taken. Services like Kaspersky Managed Detection and Response remedy this.
  • In the event of a successful supply chain attack, the damage caused should be determined. Services like Kaspersky Incident Response help prevent the attack from spreading and eliminate it.
  • Provide SOC teams with access to the latest threat intelligence, so they stay current on threat actors' tools, techniques and tactics.
  • When working with partners, make sure that they have implemented certified security measures. Some of the most important include conformance to ISO 27001 or a passed SOC2 audit, which confirms that a company's security controls comply with the Trust Services Criteria (TSC) of the AICPA (American Institute of Certified Public Accountants). At the beginning of 2022, Kaspersky renewed its certification according to ISO 27001:2013, the internationally recognized security standard, issued by the independent certification body TÜV AUSTRIA. Furthermore, the cybersecurity provider successfully recertified SOC 2 for the second time in May 2022.

 


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
