In the opinion of many responsible persons, cyber security should be increased

In the past few months, a number of administrations and companies have fallen victim to digital attacks. Many of the attacks went so far that individual districts or even companies were unable to work for days or weeks. A study has now revealed that almost 75 percent of IT-savvy people call for increased security. But how can this be implemented?

Figure 1: According to experts, the cyber security in many companies is not sufficient. Image Source: @FLY:D / Unsplash.com

What does the study say?

The study published by Statista and G Data dealt with the security situation in companies. The message is clear: three quarters of people with higher IT security skills want IT security to be given higher priority in companies. And that’s important. However, the study also raises some points to consider:

  • IT competence – Those with higher IT skills are generally more critical of security and expect significant improvement.
  • Laymen – People who are less familiar with IT, on the other hand, are less critical. This can indicate carelessness and become a major and expensive problem for the company.

The explanation is relatively simple: people with an affinity for IT understand, for example, the background to VPN, two-factor authentication and other security options. Many people who are less familiar with IT do not. And that in turn creates problems:

  • Risk factor – To this day, phishing attacks are carried out successfully in companies because employees who are less familiar with IT unknowingly click on links or attachments.
  • Role distribution – Many employees do not feel responsible for IT security, but place it entirely in the hands of IT experts. The problem: many security gaps arise at the individual workplace, not where IT works.
  • Lack of training – To this day there are companies that do not attach any particular importance to IT as a whole and have no specialists whatsoever in their operations. They also don’t train their employees properly, and external consultants are rarely used.

What cybersecurity measures can companies take?

In general, every company needs to move away from the idea that cybersecurity is solely in the hands of an IT expert. The IT expert is certainly responsible for ensuring that the entire IT setup works smoothly, that programs are properly installed and that a safety net is in place, but ultimately security is in the hands of each individual employee. So what matters now?

  • Data backup – There is currently a service company operating throughout Germany that to this day can no longer produce proper accounts. The reason: a hacker attack with a ransom demand and the complete loss of server data. Every company today has to put data backup first. The backed-up data must be completely independent of the actual system, because this is the only way it can be used in an emergency. A daily data backup is of course also necessary.
  • Architecture – Every company needs a security architecture tailored to its operations. For this it can be helpful to bring an outside expert on board.
  • Testing – The systems and servers should be regularly checked for vulnerabilities. A penetration test (pen test) helps with this: when it is carried out, the corresponding software specifically searches for weak points in the infrastructure and reports them. Testing IT systems in this way ultimately helps to increase security over the long term.
  • Home office – Even at remote workplaces, the security precautions must be effective at all times. This sometimes means that an employee only has access to the company server via VPN. The practice of allowing employees to use private laptops or PCs is very questionable. Since no employer has a right to secure such a device and no one knows how else the device is used, such devices always pose a risk.

But all this is not enough. Unfortunately, the core of the problem often lies with employees who have not been trained accordingly or who have been told that IT will take care of everything. It is imperative for companies to train their employees effectively:

  • Danger points – Employees have to learn what dangers are lurking on the Internet or in e-mail inboxes. Many people today still believe, even in their private lives, that phishing e-mails can be identified at a glance. E-mails are crafted so perfectly today that even experts cannot tell at first glance whether a message is an imitation. It is important that employees act so cautiously that they would rather ask once too often than once too little.
  • Point of contact – Employees need a fixed point of contact that they can turn to immediately.
  • Understanding – The IT training of employees must be tailored to their understanding of the problem. Everyone understands a danger better when they understand how it affects them. Sometimes it helps to take the training to a private level, because a danger often seems more real if it can also hit the laptop at home.
  • Problem detection – In many companies the danger itself is not recognized. This goes all the way up to management. A hacker attack that paralyzes a business can ruin it completely. An example: if a company can neither create offers nor buy or sell products, if the customer data has completely disappeared and if the problem cannot be solved quickly, the result is enormous damage, compounded by the loss of customer confidence.

The problem, especially in the public sector, is that many companies or authorities still do not have an IT expert. In a number of authorities, for example, a reasonably capable teacher installs and maintains the IT for an entire school. Even in smaller companies, the problem is not uncommon. Small and medium-sized companies such as law firms do not have any IT specialists on board at all, but handle all of their security themselves. Cyber security in these companies must therefore be fully developed.

Figure 2: All employees in a company should know the basics of IT security. Image Source: @ Christina-woceintechchat.com / Unsplash.com

Conclusion – put IT security first

What used to be real burglars are now hackers. And these can cause enormous damage, because they either demand a ransom without ever confirming that the data will be released again, or they simply destroy all data. For a company, this is an absolute fiasco, which is accompanied by a great loss of trust. Cyber security must therefore come first.
