- New study by the market research company International Data Corporation (IDC): Only 58 percent of companies in Germany have a central concept for information security.
- Lack of awareness: Employees are one of the most important weak points in IT security.
- Despite progressive networking and growing threats, security silos remain in IT security.
- Companies continue to take a reactive (tactical) rather than strategic approach to IT security.
Nuremberg, 30.07.2018. According to Russian President Putin, there were around 25 million cyberattacks on the host country during the World Cup. Also in Germany things are "going well" for cybercriminals. According to the study "IT Security Trends in Germany 2018", two thirds of the companies surveyed recorded security incidents in the past months. The study was conducted by the market research and consulting company International Data Corporation (IDC) - TA Triumph-Adler was involved as a cooperation partner. According to the study, the security situation has become more acute in the course of digitalisation. Although companies have a growing understanding of the benefits of modern, holistic IT security, implementation still leaves much to be desired. And: As before, the company's own employees are the number one security risk, also due to a lack of awareness.
IDC surveyed IT decision-makers from 230 organisations with more than 20 employees on the topic of IT security to gain a comprehensive insight into IT security practices in Germany. According to IDC, the digital transformation is forcing companies to realign their IT security. Background: Comprehensive process automation and operating in ecosystems with partners, suppliers and customers go hand in hand with the networking of IT and IP-based devices. In addition, cloud computing, the Internet of Things (IoT), virtualisation, open interfaces (APIs) and IT systems offer points of attack that must be intelligently secured. According to IDC, cyberattacks are becoming increasingly sophisticated and more difficult to parry with existing protection mechanisms. Legal requirements, regulations, compliance requirements and the associated data protection - such as the EU Data Protection Regulation (EU-DSGVO) - as well as the protection of IT systems that are operated in critical infrastructures (kritis) would also make new investments necessary.
Among the 67 percent of companies with security incidents, PCs and notebooks (34 percent), networks (31 percent) and smartphones and tablets (30 percent) were most frequently affected. According to IDC, this is especially critical because these are used as a gateway into the data centre. But data centres themselves (29 per cent) and servers (28 per cent) were also affected, as were printers (MFP), sensors and IoT. "These figures underline how complex and multi-layered cyber risks are and that companies must protect themselves much more strongly and, above all, better," says Matthias Zacher, Manager Research and Consulting at IDC and project manager of the study.
The user is a potential target of attack. According to the market researchers, employees still rank first among the greatest risks, followed by inadequately secured endpoints (37 per cent) and attacks by cyber criminals. User misconduct and a lack of awareness - for example, of the danger of phishing emails, downloads or device losses - have made it easier for outsiders to gain access to company data in recent months. "In the course of our cooperation with the high-security provider Bundesdruckerei, the topic of awareness is therefore an increasingly important part of every workshop," says Dr Daniel Wagenführer, General Manager Business Development Sales & Service Group at TA Triumph-Adler. For the specialists at TA Triumph-Adler, a careful analysis of the IT security structure, i.e. the determination of the current status at the customer, is always the starting point for further consulting services. Only in this way and with the help of software solutions or the disclosure of weak points with penetration tests can employees be made aware of how to deal with end devices, apps and data in the long term. "We always pursue a holistic approach overall and, of course, also in our workshops." This strategy is confirmed by the results of the IDC study: according to the study, IT security solutions, technologies and services only develop their full effect with the help of comprehensive concepts. However, only 58 percent of the companies have a central concept and an overall solution approach for information security that includes all systems and devices.
Another result: Less than half of the companies surveyed have yet succeeded in taking the step of reassessing their IT security from the prevailing "Prevent and Protect", i.e. the rather reactively oriented security landscape, to "Detect and Respond". The latter aims at continuous real-time monitoring. According to the survey, not even 50 per cent had comprehensively automated their security processes. As a result, potentials such as accelerated processes, higher transparency, the reduction of manual errors as well as the relief of employees are largely not utilised.
Security silos such as endpoint, messaging, network and web security can no longer offer sufficient protection, according to IDC's assessment. "It is not uncommon to see more than 50 to 80 different security solutions in use in a company, either as an on-premises software solution, appliance, security-as-a-service or managed security service," says Zacher. Nevertheless, two-thirds of the companies surveyed consider integration to be necessary for better protection and defence capabilities and have recognised that an integrative approach protects better than the sum of all security solutions. Accordingly, integration is in first place in the evaluation of the various security process topics and underlines the relevance for the users. Nevertheless, there is a lack of implementation here as well.
IDC surveyed IT decision-makers from 230 organisations with more than 20 employees on the topic of IT security to gain a comprehensive insight into IT security practices in Germany. According to IDC, the digital transformation is forcing companies to realign their IT security. Background: Comprehensive process automation and operating in ecosystems with partners, suppliers and customers go hand in hand with the networking of IT and IP-based devices. In addition, cloud computing, the Internet of Things (IoT), virtualisation, open interfaces (APIs) and IT systems offer points of attack that must be intelligently secured. According to IDC, cyberattacks are becoming increasingly sophisticated and more difficult to parry with existing protection mechanisms. Legal requirements, regulations, compliance requirements and the associated data protection - such as the EU Data Protection Regulation (EU-DSGVO) - as well as the protection of IT systems that are operated in critical infrastructures (kritis) would also make new investments necessary.
Among the 67 percent of companies with security incidents, PCs and notebooks (34 percent), networks (31 percent) and smartphones and tablets (30 percent) were most frequently affected. According to IDC, this is especially critical because these are used as a gateway into the data centre. But data centres themselves (29 per cent) and servers (28 per cent) were also affected, as were printers (MFP), sensors and IoT. "These figures underline how complex and multi-layered cyber risks are and that companies must protect themselves much more strongly and, above all, better," says Matthias Zacher, Manager Research and Consulting at IDC and project manager of the study.
The user is a potential target of attack. According to the market researchers, employees still rank first among the greatest risks, followed by inadequately secured endpoints (37 per cent) and attacks by cyber criminals. User misconduct and a lack of awareness - for example, of the danger of phishing emails, downloads or device losses - have made it easier for outsiders to gain access to company data in recent months. "In the course of our cooperation with the high-security provider Bundesdruckerei, the topic of awareness is therefore an increasingly important part of every workshop," says Dr Daniel Wagenführer, General Manager Business Development Sales & Service Group at TA Triumph-Adler. For the specialists at TA Triumph-Adler, a careful analysis of the IT security structure, i.e. the determination of the current status at the customer, is always the starting point for further consulting services. Only in this way and with the help of software solutions or the disclosure of weak points with penetration tests can employees be made aware of how to deal with end devices, apps and data in the long term. "We always pursue a holistic approach overall and, of course, also in our workshops." This strategy is confirmed by the results of the IDC study: according to the study, IT security solutions, technologies and services only develop their full effect with the help of comprehensive concepts. However, only 58 percent of the companies have a central concept and an overall solution approach for information security that includes all systems and devices.
Another result: Less than half of the companies surveyed have yet succeeded in taking the step of reassessing their IT security from the prevailing "Prevent and Protect", i.e. the rather reactively oriented security landscape, to "Detect and Respond". The latter aims at continuous real-time monitoring. According to the survey, not even 50 per cent had comprehensively automated their security processes. As a result, potentials such as accelerated processes, higher transparency, the reduction of manual errors as well as the relief of employees are largely not utilised.
Security silos such as endpoint, messaging, network and web security can no longer offer sufficient protection, according to IDC's assessment. "It is not uncommon to see more than 50 to 80 different security solutions in use in a company, either as an on-premises software solution, appliance, security-as-a-service or managed security service," says Zacher. Nevertheless, two-thirds of the companies surveyed consider integration to be necessary for better protection and defence capabilities and have recognised that an integrative approach protects better than the sum of all security solutions. Accordingly, integration is in first place in the evaluation of the various security process topics and underlines the relevance for the users. Nevertheless, there is a lack of implementation here as well.
About TA Triumph-Adler GmbH:
TA Triumph-Adler GmbH is a German company specialising in multifunction printers and digital office solutions. With a history spanning more than 120 years, the company is now one of the longest-established brands in the information technology and telecommunications (ICT) sector. TA Triumph-Adler develops and supplies holistic solutions that cover the entire document handling process. The services it offers include individual analysis and advice for business customers, implementing an IT-based document workflow and continuous process optimisation using its own asset and system management solution, TA Cockpit.
In Germany, the TA Triumph-Adler Group is represented by a professional direct sales organisation with 31 branches. In Europe, TA Triumph-Adler has sales subsidiaries in Austria, Switzerland, the Czech Republic and the UK. The TA Triumph-Adler Group also supplies other distributors in more than 25 countries in EMEA with TA Triumph-Adler and UTAX brand products. Since October 2010, TA Triumph-Adler GmbH and its registered brand UTAX have been wholly owned by Kyocera Document Solutions Inc. based in Osaka, Japan. The company’s registered office is Nuremberg and its operational headquarters are in Hamburg.
In Germany, the TA Triumph-Adler Group is represented by a professional direct sales organisation with 31 branches. In Europe, TA Triumph-Adler has sales subsidiaries in Austria, Switzerland, the Czech Republic and the UK. The TA Triumph-Adler Group also supplies other distributors in more than 25 countries in EMEA with TA Triumph-Adler and UTAX brand products. Since October 2010, TA Triumph-Adler GmbH and its registered brand UTAX have been wholly owned by Kyocera Document Solutions Inc. based in Osaka, Japan. The company’s registered office is Nuremberg and its operational headquarters are in Hamburg.