A comparison between 2020 and 2019 shows that companies are increasingly giving cyber security a high priority. But, the difference in security measures between SMEs and large corporations remains significant. According to a study, large corporations are leading the way, while small and medium-sized enterprises are not adequately secured. This may be due in part to the fact that approximately 49% of SMEs do not employ staff with cyber security expertise. This can have fatal consequences for their IT security.
49% of SMEs do not employ staff with cyber security expertise. This can have fatal consequences for their IT security.
The increasing digitalization of internal and cross-company processes is opening up new avenues for automation. Supply chains, production workflows and communication processes are becoming smarter. The more digital processes become, the greater the importance of IT security.
The protection required does not only apply to processes along a value chain. Almost every single file, every data center, every server needs the protection of its IT team. Let’s take a step back. To understand the importance of protecting an IT environment, you need to understand what cyber security encompasses.
What is cybersecurity, and why is it so important?
Cyber security refers to measures used to protect all components of an IT system against unauthorized access, manipulation or theft by third parties. These components are networks, operating systems, hardware, software, robots, Internet of Things, servers or cloud services.
Attackers’ motives can be manifold:
- Gain access to sensitive information
- Alter or destroy sensitive data
- Disrupt business processes
Apart from the fact that hackers can gain access to highly sensitive company internal information, the costs incurred by cyberattacks should not be underestimated. The average cost has risen from 9000 euros in 2019 to 51,200 euros in 2020 ¬- an increase of six times. German companies, in particular, were more frequently the victims of cyberattacks when compared to other countries, resulting in high costs (approx. 72,000 euros in 2020).
But what can such cyberattacks look like? And above all, what can IT security measures in companies look like?
The protection of IT systems from failure due to an attack and the viability of the systems are the basis for a smooth running company.
Types of cyber threats
Different types of cyber threats can be distinguished:
- Phishing/Social Engineering. Phishing mails are risky and difficult to secure. The greatest vulnerability can be the employees themselves. Targeted phishing emails are sent with malicious links or attachments. By unsuspectingly clicking, the recipient allows hackers to gain access to the corporate network.
- Ransomware. Hackers encrypt sensitive data with this malware. The goal is to either extort a ransom or specifically sabotage business operations.
- Malware. This includes all types of malware that attack your IT assets and may spy on you.
- DDoS attacks. Distributed Denial of Service attacks are nothing “new.” However, this type of attack is on the rise due to the increasing number of devices connected via the Internet of Things.
And that is only a small overview of possible cyber threats. Cyber security is therefore an absolute must for every company! In principle, cyber security has three classic goals: Preserving the confidentiality of information, protecting the integrity of information and systems, and ensuring the availability of information and systems. The protection of IT systems from failure due to an attack and the viability of the systems are the basis for a smooth running company.
Tips for successful cybersecurity
How can companies of all sizes protect themselves now? The following are tips for successful cybersecurity:
- Update security policies
- Ensure regular security updates of software and operating systems
- Use and regularly update strong passwords
- Implement multifactor authentication
- Provide security training to employees
- Do not open emails or attachments from unknown senders without appropriate verification
- Use a security monitoring tool
- Conduct cyber security incident simulation and training
Often, simply following such tips is not enough. A study by OTRS Group found that 61% of respondents experience a security incident at least once a week. Of those, 40% said they wanted a clearly defined incident response management process to adequately respond to a security incident. With digitalization and cyber threats booming, this is more important than ever.