76 percent of digital security decision-makers in Germany believe that traditional IT strategies provide insufficient protection against new digital risks. Established measures and rules of conduct thus need to be enhanced as soon as possible to cope with the networking risks connected with, for example, Industry 4.0 applications—according to 74 percent of digital security decision-makers. 61 percent believe that their own employees are a weak point of their own IT strategy. These are the findings of the Command Control Cyber Security Index 2018*. A total of 300 specialists and managers with decision-making authority for digital security in Germany were surveyed about various different aspects of security on behalf of the new Cyber Security Summit Command Control (September 20–22 in Munich) by a market research institute.
As a result of the rapid expansion of digital corporate networks, the number of endangered components in companies is increasing. One reason: The more devices that are networked with one another via the Internet of Things (IoT), the more options there are for possible attackers. Against this background, an interesting finding was that only around one out of every two digital security decision-makers states that their own employees are consistently trained in how to handle IT risks when they first join the company. This figure is only slightly smaller in medium-sized companies with 100-999 employees (52 percent) than in large corporations with 1,000 or more employees (54 percent).
“Whether a medium-sized company or a large corporation, the threats posed to those assets worthy of protection by targeted attacks are comparable,” says Helko Kögel, Director of Consulting at Rohde & Schwarz Cybersecurity. “It is important here to actively question how various different security cultures in globally active companies handle the “crown jewels” on a daily basis. The goal must be to develop a sophisticated level of risk awareness that is in harmony with the relevant security measures.”
However, around 40 percent of companies do not continuously keep their employees up-to-date about the latest risks—and this is true on this scale amongst both medium-sized companies and also large corporations. There are also major differences in how companies deal with their own security rules: 55 percent of decision-makers report that any bans imposed by the company—e.g. on apps, social media or messaging services—are strictly observed. Conversely, this means that almost one in two companies has a lax approach to these rules in practice.
“If they are not informed about changing risk scenarios and there is a lack of ongoing communication about digital security risks within the company, employees can easily leave the door wide open for attackers due to their behavior. Companies thus need to continuously sensitize their staff to the theme of security,” comments Katharina Keupp, Project Manager for Command Control at Messe München.
Command Control is a cyber security summit that has been newly established by Messe München. The event will be held for the first time from September 20–22 in Munich and is primarily aimed at managing directors, CEOs, CISOs, CROs and all other decision-makers involved in company digitalization. Learn how to securely manage the digital transformation of your company and how to exploit cyber security as a growth lever for your company at Command Control. The summit places its main focus on customized training and networking offers for decision-makers. Speakers include, amongst others, the Founder and CEO of Kaspersky Lab, Eugene Kaspersky, the director of the Cybercrime Research Institute, Prof. Marco Gercke, the EU parliament's rapporteur for the European legislation on cyber security, Prof. Angelika Niebler (MdEP), the awareness specialist Lance Spitzner from the SANS Institute and the former CIO of the US Department of Defense, Terry Halvorsen.
A total of 300 specialists and managers in Germany who have sole or joint decision-making authority for digital security were surveyed in June 2018 by a market research institute for the Command Control Cyber Security Index. 200 participants work for medium-sized companies with between 100-999 employees. A further 100 participants work for large corporations with 1,000 employees or more. The main sectors covered by the survey were the manufacturing industry, finance, trade, transport/logistics and healthcare.
The program schedule of Command Control is available at cmdctrl.com/programm