Despite the persistently high risk of ransomware attacks, Germany’s companies are only inadequately protected against security incidents. This is the result of the “Cisco Cybersecurity Readiness Index 2023” study commissioned by the network and security provider. According to the index, more than 55 percent of the companies surveyed in Germany have already suffered a security incident within the past year. 77 percent of those surveyed also stated that they expect business operations to be disrupted by computer crime in the next two years.
“German companies have a lot of catching up to do when it comes to IT security”
The causes of the incidents are, among other things, many legacy systems in manufacturing companies that cannot comprehensively protect current security products. In an interview with iX about the study, Dr. Michael von der Horst, Managing Directory Cybersecurity at Cisco Germany, states: “German companies have a lot of catching up to do when it comes to IT security and are not consistently protected against cyber attacks at an appropriate level.” IT security must be strengthened as a continuous process of hardening systems and constant readjustment of protective mechanisms. “Through hybrid work, cloud-based applications and new collaboration tools, potential attackers can exploit more vulnerabilities – the management level in the company must therefore ensure comprehensive protection of the IT systems,” explained von der Horst.
Too few backups
Only 11 percent of German companies achieve the highest level of security maturity presented in the Cisco study. The reason for this is the comparatively low use of backup and recovery tools – 55 percent of German companies stated that they use them.
For the “Cisco Cybersecurity Readiness Index 2023”, the manufacturer conducted a double-blind survey of 6,700 IT managers in 27 countries who are responsible for cybersecurity in their companies. Cisco is making the study and its results freely available.
Cohesity: We have a communication problem
The data security and management provider Cohesity came to similar conclusions in a survey with over 2000 respondents: A lack of coordination between the IT and SecOps departments would further aggravate the tense security situation. The respondents named a massive shortage of skilled workers in these areas as the main reason for the weak internal cooperation. In addition to technical measures, the study commissioned by Cohesity proposes closer coordination between departments in strategic planning as the most important measure.
The tense situation in the security sector is exacerbated by developments in generative AI. Attackers and cybercriminals are increasingly using tools such as ChatGPT to increase the quality of mass attacks such as phishing. This has been shown by analyzes by Cisco Talos, the manufacturer’s threat research department. Deepfakes from voice messages are particularly dangerous. Cisco Talos has compiled the findings about phishing and AI in a blog post.
AI – also an opportunity
However, Cohesity is convinced that AI also offers numerous possibilities for better cyber defence. Since AI is ideally suited to quickly analyzing large amounts of data, customers could detect anomalies and thus indications of a cyber attack more quickly. This empowers IT security teams to respond to incidents even faster and much more accurately. Recently, the manufacturer also announced an AI-enabled data structure as part of a cooperation with Microsoft, which is intended to advance AI initiatives for threat and anomaly detection and classification.
(jvo)
