- 95 percent of all respondents think that the cyber threat to the German economy is continuing to grow
- Filters against malicious e-mails and spam are gaining more importance
Security incidents caused by ransomware like WannaCry have increased dramatically over the last year, according to the eco Survey IT Security 2017. Roughly one in three (31 percent) of the 590 security experts surveyed has recently experienced at least one ransomware attack in the company. 78 percent of the victims used their backup to retrieve the lost data. In this way, most of the damage was successfully limited to a temporary IT failure and data loss. 10 percent of those affected also managed to decrypt their own data. Only 3 percent actually paid the ransom, and 7 percent did not respond and thus accepted the loss of their data.
“The many security incidents caused by malware like WannaCry are an important reason why many companies perceive the current security situation as increasingly threatening,” says Oliver Dehning, Leader of the Competence Group Security at eco – Association of the Internet Industry. 95 percent of the IT security experts surveyed view cybercriminals as a growing threat, and every second forecasts even stronger growth.
Growing number of companies experiencing IT security incidents
“Many experts have an increased sense of threat that actually reflects the reality – as can be seen in the actual number of cyber security cases,” comments Dehning. Only about 54 percent of the companies reported no significant recent security attack. This figure was considerably higher in 2016.
“In addition, many companies are victims of a cyber-attack without necessarily realizing it. This means that the number of unreported cases is once again significantly higher,” says Dehning.
In many cases, spam e-mails facilitated the spreading of malware, for example, through compromised email attachments or in form of a link to a malicious website. As a consequence, spam filters have gained more relevance for the experts as an important security issue. Topics related to e-mail communication, such as anti-spam and anti-virus, made the greatest leap up the ranks compared to last year, from the 15th place to 6th place in the most important security topics. As in the previous year, data protection (1st place) and encryption (3rd place) continue to be topical issues. Sensitization of employees (2nd place) as a preventive safety measure for protecting IT infrastructure has become more important for experts. “It goes without saying that a high level of security is also a matter of promptly updating all IT systems, doing constant backups and using strong passwords,” says Dehning.
Cloud computing safer than thought
Many security experts remain skeptical about cloud services. 57 percent of all experts are convinced that the cloud leads to lower IT security in the company, only 2 percentage points less than last year. However, those concerns seem to be unfounded: for most security incidents, the cloud is not the cause of the problem: only 6 percent of all respondents see a connection between a security incident and cloud computing.
New security strategies for the current cyber threat situation are on the agenda for the upcoming Internet Security Days https://isd.eco.de/. In the course of this event, nearly 600 visitors from more than 20 countries will come together at the amusement park Phantasialand near Cologne, on the 28th and 29 of September 2017. The early bird discount of 15 percent on tickets https://events.heise.de/isd2017/4307417 will run until August 11.
As part of the eco Survey IT Security 2017, the eco Association surveyed 590 IT security experts on the current security situation. Half of all the respondents are accountable for IT security on the provider side (49 percent), whereas the other half are responsible for the user side (47 percent).
Download the eco Survey IT Security 2017
Listen to an in-depth interview with Oliver Dehning, “Cybercrime against Companies – There’s Money to be Made” on dotmagazine.