Study on IT security: endpoints, hackers and security in digitization. As a cooperation partner of the current study "Cyber Security 2020" by COMPUTERWOCHE and CIO, DriveLock publishes the most important challenges and strategies in the protection of IT systems.
"The results of the study show great differences in the perception of cyber risks between respondents from the management level and from the specialist departments," comments Anton Kreuzer, CEO of DriveLock. With 38%, C-level decision-makers rate the protection of the endpoints as the greatest challenge, while in the specialist areas the external threat situation is at the top with 51%. “Fending off external threats and ensuring the security of your own endpoints is equally important in the digital era. Organizations must pursue an IT security strategy that takes a holistic view of the security situation and does not differentiate between internal and external aspects. Because the better your own endpoints are secured, the lower the risk of hackers, ”continues Kreuzer.
Are unprotected endpoints or external attackers more dangerous?
The security budget is mentioned by 27% of all respondents as a further important point with regard to IT security and is therefore in third place of the mentioned challenges for IT security. What is surprising about the results is which aspects bring up the rear and are therefore classified as the lowest risk. The study was conducted between July 20 and July 28 of this year. At that time, many companies had already switched to home office in the wake of the corona pandemic. Nevertheless, only around 11% of all respondents indicated remote work (home office and mobile work) as a challenge for their IT security. One reason for this may be that the protection of endpoints already covers this point. However, numerous corona-related phishing e-mails or possible security gaps with the large number of new devices pose a risk that should not be underestimated. "Every company that is a victim of a cyber attack is one too many," adds Kreuzer. “With many employees working from home, it is important to supplement the technical measures with security awareness activities. Employees must also be made aware of potential risks in the home office. "
High economic damage from cyber attack
The proportion of companies suffering economic damage from cyber attacks increases with size. Nevertheless, medium-sized companies top the list of victims with almost 55%, closely followed by large companies with 53%. In comparison, only 38% of those surveyed from small businesses state that they have already suffered economic damage. Looking at the companies as a whole, half of the respondents (50%) reported economic disadvantages.
"Every company, regardless of size, is targeted by cyber criminals," said Martin Mangold, Vice President Cloud Operations at Drivelock. “The situation is more critical for small and medium-sized companies because they simply do not have the same resources as large companies. They lack both budget and staff, so SMEs in particular can benefit from security outsourcing. "
Security outsourcing solves the shortage of skilled workers
Security outsourcing brings great advantages, above all, because it solves the prevailing shortage of skilled workers. SMEs would no longer have to compete with large companies and security experts. However, prejudices often prevent security from being considered as a service at all. 55% of those surveyed described security outsourcing as a no-go for their company, and for small companies even just under 59%.
In the specialist areas, just under one in four (24%) is against it, while this share at management level is around two thirds at 67%. Mangold emphasizes: “When it comes to security outsourcing, the assessment of the C-Level and the specialist area is very different. The decision-makers in particular should recognize that security outsourcing is alleviating the shortage of skilled workers and freeing themselves from prejudices. ”Cost pressure seems to be a means of countering concerns. The lower the available security budget, the more open the respondents are to managed security services from the cloud. In companies with an IT budget of less than ten million euros a year, only 49% percent reject outsourcing and 15% indicate that they fully agree.
Zero Trust has arrived in companies
93% of those surveyed state that their company is working with the Zero Trust security concept: 38% are already using Zero Trust, 41% are in the implementation phase and 14% are in the planning phase. And this even though only a few companies have planned concrete investments for Zero Trust. The top 3 areas to invest in are attack prevention (46%), network security (42%) and cloud security (39%). Andreas Fuchs, Vice President Product Management at DriveLock, explains this discrepancy: “The Zero Trust model is a holistic security approach and comprises several security solutions. Network security is just as important a component in Zero Trust as Endpoint Detection & Response for attack defense or other solutions such as predictive whitelisting. What is important is the seamless interaction of all security modules on a zero trust platform. ”This means that companies may not invest directly in the advanced IT security approach, but in solutions and functionalities that are essential elements of a zero trust model.
84% of companies have a digitization strategy
Nevertheless, this discrepancy between investment and implementation shows that the strategies within the company are not sufficiently coordinated with one another. For example, 84% of companies have a digitization strategy for modern workplaces and home offices, but only 77% have a security strategy for end devices. Only 70% have a risk analysis concept. For the important area of Identity & Access Management it is even less than half with 40%. "The study once again made two points clear," says Anton Kreuzer. “On the one hand, every second company suffers economic damage from cyber attacks. On the other hand, decision-makers and experts are aware of the challenges posed by cyber threats. Companies must now start to attach the same importance to IT security as to other business-critical IT areas in order to be able to protect their systems efficiently and in the long term. "
Go directly to the study at DriveLock.de
About DriveLock The German company DriveLock SE was founded in 1999 and is now one of the leading international specialists for IT and data security with branches in Germany, France, Australia, Singapore, the Middle East and the USA. In times of digital transformation, the success of companies depends to a large extent on how reliably people, companies and services are protected against cyber attacks and the loss of valuable data. DriveLock is committed to protecting corporate data, devices and systems. For this purpose, the company relies on the latest technologies, experienced security experts and solutions based on the zero trust model. In today's security architectures, zero trust means a paradigm shift based on the maxim "Never trust, always verify". In this way, data can be reliably protected even in modern business models.