Two thirds (67 percent) of IT decision-makers in Germany say that their IT security budget is sufficient for the next two years, although they rate the cyber risk as high [1]. More than half (53 percent) rely on external service providers to protect themselves because the necessary know-how is not available internally. Smaller companies in particular are looking for external support.
The financial industry is particularly confronted with cyber threats for various reasons. On the one hand, the degree of digitization in the financial sector has increased significantly - especially in the wake of the pandemic. On the other hand, the financial sector is attractive to cybercriminals because there are strong cash flows here and a huge amount of sensitive customer data is managed by companies and institutions.
Financial sector sees itself prepared
Despite the large number of threats, seven out of ten respondents (69 percent) in the financial sector believe their company is adequately protected against cyber attacks. At managerial level, the figure is even three quarters (75 percent). The strongest feeling of security (80 percent) prevails in large financial institutions with 1.000 to 4.999 employees, although at the same time the risk of cyber attacks is rated particularly high here. Despite the awareness of the dangers, 67 percent are of the opinion that their IT security budget is sufficient for the next two years. In particular, survey participants from small companies (50 to 249 employees) show the greatest confidence here at 79 percent. In the area of senior management, almost three quarters of the survey participants (73 percent) are convinced that the IT security budget is sufficient for the next two years.
"The added value of cybersecurity is underestimated by IT decision-makers within the financial sector," explains Waldemar Bergstreiser, Head of Channel Germany at Kaspersky. “The fact that two thirds of those surveyed consider their budget for cyber security to be sufficient in the coming years is clearly not enough – it should be between 90 and 100 percent. Even if many see themselves as well protected, the financial sector in particular is unlikely to save when it comes to cyber defence, data backup and espionage - because every euro that is invested in cyber security in the coming years will pay off and will ultimately be good in the medium to long term invested money.”
Recommendations for protecting financial organizations
- Restrict access to remote management tools from external IP addresses and ensure that remote control interfaces can only be accessed from a limited number of endpoints.
- Enforce a strict password policy for all IT systems and the use of multi-factor authentication.
Offer restricted privileges to employees and only grant high privileged accounts to those who need them to do their jobs. - Provide SOC teams with access to the latest threat intelligence through threat intelligence so they stay current on threat actors' tools, techniques and tactics. Meaningful threat data, advanced machine learning technologies and a unique pool of global experts help to maintain the immunity of banks and financial service providers against previously unknown cyber attacks. Solutions such as Kaspersky Threat Intelligence [2] support this powerfully and extensively.
- Regular creation of backups of all relevant business data. In this way, important data that has been encrypted and made unusable by means of ransomware can be quickly restored.
- Regular employee training courses on cyber security - for example with the help of Kaspersky Security Awareness Training [3] - are essential to create awareness of digital threats within the workforce.
- The multi-level protection concept Finance Services Cybersecurity [4] from Kaspersky helps companies in the finance and banking sector to implement a flexible security strategy. The aim is to detect and mitigate the risk of targeted attacks and technologically advanced threats by detecting a wide range of compromise vectors.
- Securing endpoints and embedded devices such as ATMs and POS systems as well as other technologies used at the point of sale, for example with Kaspersky Embedded Systems Security [5].
- Securing virtual and physical servers, VDI deployment, storage systems and even data channels in private clouds, as well as advanced workload protection in public clouds through modern technologies such as Kaspersky Hybrid Cloud Security [6].
- Through practice scenarios, such as Kaspersky Interactive Protection Simulation [7], IT security teams from companies and government agencies are placed in a simulated business environment as part of a business game, in which they are exposed to a range of unexpected cyber threats.
[2] https://www.kaspersky.de/enterprise-security/threat-intelligence
[3] https://www.kaspersky.de/enterprise-security/security-awareness
[4] https://www.kaspersky.de/enterprise-security/finance
[5] https://www.kaspersky.de/enterprise-security/embedded-systems
[6] https://www.kaspersky.de/enterprise-security/cloud-security
[7] https://media.kaspersky.com/de/business-security/enterprise/KL_SA_KIPS_overview_A4_DE.pdf More at Kaspersky.de
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/