
Low Preparedness: Lack of Incident Response Plans and Preventative Measures in German Companies

Incident response and preparation for cyber attacks still seem to have room for improvement in companies in Germany. Only a fifth (20.5 percent) have incident response plans ready to guide the team in the event of an attack; likewise, less than a third (29.0 percent) have an incident response playbook on hand. Companies generally seem to lack guidelines and preventive measures on how they can respond to or prevent incidents.

The BKA recorded more than 130,000 cybercrime cases in Germany last year. Attacks on companies can sometimes threaten their existence. According to the current study, 30.5 percent of companies in Germany have cyber insurance that covers at least the most serious costs in the event of damage.

However, only 20.5 percent of companies have incident response plans, even though such a plan is mandatory for most cyber insurance policies. An incident response plan is applicable to a variety of incidents and supports employees in incident response. Furthermore, less than a third (29.0 percent) of the companies surveyed in Germany have an incident response playbook that defines measures that should be taken in the event of a specific incident.

Lack of guidelines for dealing with security incidents

If an attack or malware infection occurs, only a quarter of companies in Germany know what to do with the affected devices. Only a quarter (26.5 percent) of companies in Germany have a centrally documented storage facility for compromised devices. This is important for forensics, however, because it is the only way to identify the origin of an attack.
In general, companies in Germany seem to lack guidelines on how to deal with security incidents: only half (53.5 percent) of companies have guidelines on how security incidents are to be documented, and almost as few (53.0 percent) have a defined incident reporting point.

Lack of preventative security measures

To prevent cybersecurity incidents, too few companies have implemented appropriate measures:

  • Less than half (47.5 percent) use network segmentation to isolate devices from one another.
  • Just over half (54.0 percent) use multi-factor authentication to secure access.
  • Only a third (34.5 percent) carry out preventative audits.

The majority (85.5 percent) also forego simulation/emulation with regard to adversaries and threats (via Table Top Exercise (TTX) or adversary emulations). However, without testing critical processes, it cannot be ensured that they will work and support you in an emergency.

A similar picture emerges when it comes to patch management: only one in three companies (35.5 percent) has a corresponding policy for this. Security gaps in applications and operating systems are among the most common attack vectors in companies. For Kai Schuricht, Lead Incident Response Specialist at Kaspersky, this is due to the complexity of patching:

“On the one hand, security gaps can be plugged relatively easily, but on the other hand, the process is usually a little more complicated than you think. When companies decide to update their systems, it takes time. Because these must first be tested, approved and then distributed. This takes time and of course increases the time window in which the systems are vulnerable. The time window for successful attacks also increases. An appropriately well thought-out and therefore efficient patch management can provide support here and take into account the different requirements of, for example, IT security and production at the same time.”

The complete Kaspersky study “Incident Response for Prevention – Why companies in Germany are poorly prepared for cyber attacks and how they can become more cyber-resilient thanks to incident response methods” is available here.

www.kaspersky.de

2023-09-21 15:32:09