Lack of security awareness in German companies

“37.0 percent of companies in Germany do not regularly train their employees on topics such as spam or phishing. (…) Only every third company (35.5 percent) has a patch management policy. Yet security gaps in applications and operating systems are among the most common attack vectors in companies.

Frightening figures can be found in the Kaspersky study “Incident Response for Prevention – Why Companies in Germany are Poorly Prepared for Cyber Attacks and How to Become More Cyber Resilient Thanks to Incident Response Methods”. Clearly, security awareness in German organisations is not far behind. There is no other explanation for the fact that many companies still offer extensive gateways to cyber criminals. However, adequate protection is no longer a question of large budgets – and is no longer the exclusive preserve of large corporations. Small and medium-sized businesses can also take the necessary precautions and protect themselves. The first step in raising the level of IT and information security is to accept that it is no longer only large organisations that can be targeted by cyber-attacks. Medium-sized and even very small businesses are also attractive targets for cyber criminals, for example to extort ransom money by encrypting data with ransomware Trojans.

Anyone can be the target of a cyber attack

Businesses should therefore be aware that any business can be the target of an attack. How can small and medium-sized companies in particular protect themselves? TEN Information Management offers services for all the topics mentioned in the study to actively manage IT and information security in companies:

  • Awareness campaigns to make employees aware of cyber threats. Simulated phishing campaigns are an integral part of this service offering, allowing employees to experience the dangers of a careless click.
  • Watchdog from TEN IM, a managed SIEM (Security Incident and Event Management) solution that makes it easy to detect missing patches and threats in real time for a fixed monthly price – without any manual effort from the organisation.
  • TEN IM’s penetration testing and vulnerability scanning services help you proactively identify security vulnerabilities in your own IT systems and applications – before real attackers do.

We always provide customised advice and communication at eye level. Interested?

More articles

What is actually the difference between a Vulnerability Scan and a Penetration Test? There seem to be interesting misconceptions about this, as we would like to show with the following practical example.
The terms IT security or information security are often used synonymously, go in a comparable direction but mean different things. However, it is worth taking a closer look to differentiate between the terms. Information security...
Did you know that numerous ISO standards are largely harmonized with regard to their core structure – chapters 4 to 10? This is true for the international standards for quality management – ISO 9001 –...