Cybercrime: "Security chaos" in companies

A new cyber security report for the DACH countries speaks of a "security chaos in the economy". More than a third of companies have been attacked by hackers at least three times in the last two years - often without realizing it.

Protection against hackers: A new study reveals "security chaos". (Image: Philipp Katzenberger / Unsplash.com)

Around 60 percent of companies in Germany, Austria and Switzerland (DACH region) have fallen victim to a cyber attack at least once in the last two years. This is according to the "Cyber Security Report DACH 2024" by security firm Horizon3.ai. A sample of 300 companies was examined for the report. According to the report, well over a third (37%) of companies reported a specific incident. Just under a quarter (23%) did detect a hacker attack from the Internet, but were able to fend it off completely according to their own statements. 28% of the companies contacted by Horizon3.ai do not even know whether or not they have fallen victim to a cyber attack in the last 24 months. Only 12 percent of companies say "We are certain that we have not been attacked."

Almost a quarter were attacked three or more times

According to the "Cyber Security Report DACH 2024", almost a quarter of companies (23%) were exposed to a hacker attack three times in the two years surveyed, and a further 12% even more frequently. Over the same period, a further 18% were attacked from the internet "only" twice and 11% once. "The number of unreported cases is likely to be many times higher," suspects Rainer M. Richter, Head of Europe and Asia at the security company Horizon3.ai, which published the study. He fears: "In view of around 70 new vulnerabilities in software programs that are discovered every day and the growing complexity of computer and network environments, many companies have long since lost track of how vulnerable they really are and how often they are actually attacked. Cases of attackers roaming around company networks for months on end and tapping into confidential data without being noticed are well known. Many attacks only come to light when there is an immediate impact on ongoing operations or a ransom note appears on the screen."

Downtime, financial losses, legal consequences and data theft

According to the "Cyber Security Report DACH 2024", 63% of the companies surveyed had suffered downtime due to a cyberattack in the two years under review. 42 percent (multiple answers were requested) suffered financial damage as a result. 36 percent suffered legal consequences. In 34 percent of all cases, data was stolen. 29 percent of companies received a ransom demand for the release of data encrypted by hackers.

Rainer M. Richter, security expert at Horizon3.ai. (Image: zVg / Horizon3.ai)

Security expert Rainer M. Richter is surprised: "Many board members, managing directors and IT managers don't seem to realize that, in addition to the consequences for their company, they can also face personal liability if a cyber attack causes serious damage. In these cases, it is up to them to prove that they have done or ordered everything humanly possible to prevent sensitive customer data from being stolen, for example."

Widespread naivety at management level

The participants selected for the survey predominantly hold a position of responsibility in their company: Chief Information Security Officer (23 percent), Team Leader IT (21 percent), Chief Information Officer (18 percent), Chief Technology Officer (13 percent) and System Administrator (7 percent). "According to the survey, half of those personally affected do not expect to be held liable for potential damage," says Rainer M. Richter, surprised at the widespread naivety of managers when it comes to cyber risks.

The cyber security expert warns of security chaos: "The economy is urgently called upon to do its homework when it comes to cyber security. The waves of attacks will be AI The pace of cyberattacks is becoming ever faster and more aggressive, while at the same time more and more devices are being connected to the company network through home office and the Internet of Things, making the gateways for hackers visibly larger. The gap between the level of risk and the level of protection is therefore widening."

Penetration tests against security chaos

Rainer M. Richter advises companies to "carry out penetration tests with great frequency in order to continuously check their cyber resilience." During such a test, an attack is carried out on the company's own premises in order to detect security vulnerabilities. In the financial sector, the European banking supervisory authority carries out regular penetration tests under the term "stress test" to check the financial institutions' ability to defend themselves against hacker attacks. "I advise every board member, managing director, authorized signatory and IT manager from all other sectors to regularly subject their own company to this kind of acid test," says the Head of Europe and Asia at Horizon3.ai, certainly not entirely altruistically, as his employer operates a platform called NodeZero, which aims to make such penetration tests affordable for SMEs.

Source: www.horizon3.ai 
