Cybercrime on the rise: Germany must arm itself - especially against itself

Almost 9 out of 10 companies are victims of cyber attacks

Due to the coronavirus pandemic and the associated digitalization boom in the corporate environment, cybersecurity has become a hot topic over the past year. The threat situation for companies, public institutions and critical infrastructures has intensified.

Current bitkom studies (as of August 2021) show an alarming increase in data theft, espionage and sabotage, which is causing considerable damage to companies in Germany. The topic has now also reached politics: the IT Security Act 2.0, passed most recently in May 2021, prescribes certain measures for companies in critical infrastructure or of "special public interest" (hospitals, waste disposal, armaments, etc.). They must also exchange information with the BSI (Federal Office for Information Security). The law was passed against the background of targeted attacks and with the explicit aim of combating them. In 2015, during the debate on the first iteration of the IT Security Act, there was still talk of "IT breakdowns or even targeted attacks", as if the latter were barely conceivable.

Cybercrime is real

Developments over the past twelve months in particular show that cybercrime, in some cases well and professionally organized, is omnipresent. Nevertheless, politicians discuss IT security almost exclusively in the context of critical infrastructure. The vast majority of companies that hold important, sensitive data (e.g. dentists or online retailers) are largely left alone with their IT security issues. While billions are being invested in funding for electric cars, politicians are limiting themselves to appeals when it comes to IT security. According to recent bitkom studies, 86% of the 1,067 companies surveyed have suffered cyberattacks in the past twelve months. By comparison, the figure in 2019 was 70 percent. Phishing attacks, i.e. getting Trojans executed or digitally tapping access data, for example via email, are still the main problem. However, ransomware attacks, i.e. extortion using encryption, are also in vogue. These are often the result of a successful phishing attack.

Home office as a gateway

The coronavirus pandemic and the associated increased digitalization of processes and working from home have opened up new opportunities for hackers. Almost one in four companies (24%) admitted that the attacks were primarily attributable to working from home - more than half (52%) suffered damage here. It is not just corporations and big names that are affected: 88% of companies with between 10 and 499 employees stated that they had been affected by theft, industrial espionage or sabotage in the past twelve months. Almost all others (11 to 12 percent) said they were at least "probably affected".

Most attacks originate from: Germany

Certain countries are often immediately placed under general suspicion when the keyword "hacking" is mentioned. Although it is certainly not always possible to determine where the digital attack originally came from, a clear picture nevertheless emerges. As part of the bitkom study, companies were also asked whether they could identify countries as the geographical origin of the attack (multiple answers were possible): At 43 percent, Germany was number one on the list, followed by Eastern Europe excluding Russia (37 percent), China (30 percent), Russia (23 percent), the USA (16 percent) and EU countries excluding Germany (3 percent). Interestingly, compared to the 2019 survey, almost all geographical origins mentioned have increased by 3 to 9 percent, with only attacks from the USA decreasing by 1 percent.

@-yet: 131 IT security incidents since fall 2019

Since fall 2019, @-yet has recorded a total of 131 IT security incidents in which attacked customers were or are currently being helped. As part of our incident response, we advise and respond in the event of a cyber attack. How do I communicate this incident internally and externally? Which data protection laws do I need to observe? Do I have to delete, back up or take something offline? How do I prevent such incidents in the future? Being prepared for such moments and questions can save companies a lot of money, because every day that a supplier cannot deliver or a clinic cannot operate - due to encrypted data and/or shut-down systems - costs a lot of money.
