It is not only the growing proportion of remote work that is making IT environments more and more complex. This increasing complexity poses permanent challenges for cyber security in particular. It must adapt to the changing IT landscapes in order to continue to protect them effectively against attacks in the future. The IDC study “Cyber Security in Germany 2021” examined how companies are positioned in terms of cyber security.
A key finding of the study is that around 70% of the companies surveyed with more than 100 employees have already been victims of ransomware. 41% have suffered data loss as a result, in some cases even despite paying the required ransom. For the majority of companies that have not paid, the temporary system outage has at least had a detrimental effect on business.
In view of these figures, the optimistic self-assessment when asked how companies are positioned in terms of cyber security is surprising. Two-thirds of respondents agree with the statement that they will be able to cope with future IT security requirements on their own. However, there is a need to catch up here: 60% of companies have prioritized the rapid introduction of new IT solutions and put cyber security on the back burner due to the Corona pandemic and its impact.
The biggest challenge identified by 29% of security executives is the enormous complexity of cyber security landscapes. Many companies have different solutions from multiple vendors in place. Overall, the larger the company, the greater the variety of security solutions, as a rule. One in ten companies with over 2,500 employees operates security software from more than 35 providers. 30% of companies with up to 2,500 employees have more than 20 providers in use, compared with just 17% of companies with up to 500 employees.
The trick is to maintain an overview of such complex security landscapes so that real threats are not lost in a multitude of alerts from the systems. Malware, ransomware, phishing and advanced persistent threats (APTs) remain the top threats in terms of cyber security – according to around 25% of companies.
Outdated security processes and solutions are cited as a challenge by 21%. As a result, potential vulnerabilities or attacks are often not detected in the first place. Similarly, identified vulnerabilities or attacks are not shared across the organization. This means that a holistic and integrated security environment cannot be implemented. AI- and ML-based solutions that help to orchestrate and automate security processes could help. They ensure that even a rapidly increasing number of security alerts are reliably processed.
In order to meet future cyber security requirements, there is definitely a need for action in German companies. The topic of security is often not yet sufficiently anchored in the corporate culture. Technologically, intelligent security solutions are needed to better implement aspects such as automation, orchestration and analytics.
One of the greatest difficulties is managing the increasing number of threats and detecting cyber attacks at an early stage. It’s about effectively protecting one’s resources, business fundamentals, and corporate reputation. In this respect, cyber security is an elementary prerequisite for successful digital transformation – a realization that must become even more firmly established in companies.