Cybercrime is increasing rapidly. Not least because of geopolitical tensions. No matter how big your business is, you should be addressing this issue. Companies want to spend more money on their cyber security.
Not a day goes by without a report of cyber attacks. Eset’s Advanced Persistent Threats (APT) Activity Report warned that hacker groups from Russia, North Korea, Iran and China are active without letup. Hackers linked to Russia, such as Sandworm, Gamaredon, Turla and InvisiMole, continue to have Ukraine as their primary target, according to the report. Aerospace and defense contractors are popular with actors with ties to North Korea, he said. And Iranian groups focus their activities on Israel. according to the APT Activity Report.
A German food company, too, is said to have problems with hackers. Hacking for politically motivated reasons is in full swing around the world. In addition, the geopolitical fallout from the Ukraine war has taken on a new dimension. What happens, for example, when critical infrastructures such as energy suppliers or hospitals become the target of an attack in this country as well? Hacker attacks have long been a new form of warfare for some countries.
High number of unreported cases
There is still far too little public discussion about cybercrime. All experts agree that the number of unreported cases is extremely high. Many cyber attacks go undetected or are simply not reported. At the same time, however, companies are becoming increasingly aware of their own vulnerability. That is why many companies are planning to adapt their cyber defenses.
According to the IDC study „Cybersecurity in Germany 2022,“ almost half of the 200 or so companies surveyed in the fall want to revise their security precautions because of the Ukraine war alone. 43 percent of the companies recorded an increase in cyber attacks in the past twelve months, and 51 percent expect a further increase in the future.
However, and this is another key message from the survey, many companies also see major problems when it comes to implementing these plans. Security complexity is the most common cybersecurity challenge, at 27 percent. This is compounded by the ongoing skills shortage. Nearly two-thirds already have an acute security skills shortage or expect one in the coming year. And for 19 percent of companies, it is already one of the top challenges.
Cloud security is most relevant
Cloud solutions and uses are increasing, including for critical processes. According to the study, protection for cloud solutions is by far the highest priority for businesses, with 36 percent of mentions. „The increasing use of cloud for more and more critical processes and the resulting rise in dependency, coupled with the increasing threat level, makes extensive measures to secure them absolutely necessary,“ says Marco Becker, Consulting Manager at IDC and study leader.
Security types – where should the priorities lie?
Endpoint security is a major issue for companies. The increasing use of endpoints for remote work and the strong decentralization of endpoints through (Industrial) Internet of Things and Edge Computing increase the risk potential. Secure backups and disaster recovery are also topics that are important for companies. This priority is derived primarily from the great success of ransomware, and the fear of this is justified according to the analysts at IDC, because in 88 percent of the successful attacks on study participants, the backups were also fully or partially encrypted. At nine percent, however, the topic of security automation and orchestration receives somewhat too little attention. „Considering the complexity of security and the shortage of specialists, this topic should be given much more attention,“ says Becker.
More money for extortionists
Ransomware is also still a major threat to businesses. 70 percent of the organizations surveyed had been affected in the past twelve months, and only a good half of them were able to fend off the attacks or isolate them in time. This seems to have left its mark, as a total of 52 percent were or are prepared to pay the extortionists. The willingness is particularly high among those who have already been attacked. What is astonishing is that many pay because they want systems to work again faster, not because they are afraid of exfiltrated data being published or admit to a lack of protective measures.
From the company’s point of view, this may be the right way of thinking, but in the opinion of the IDC experts, more effort and investment in their own permanent protection and backup measures would make more sense and be more sustainable here. After all, it is never clear when payment is made whether the data will be decrypted.