3月 09, 2023

eco IT security survey 2023: IT security in the German economy still inadequate

Since 2010, eco - Verband der Internetwirtschaft e. V. (Association of the Internet Industry) has annually surveyed the mood of the Internet industry on the state of IT security in Germany, interviewing more than 100 experts from the IT security industry. The results for 2023 have now been published: This year, the IT experts surveyed agree that the threat situation is growing - according to 93 percent of respondents.

The experts also agree that the German economy as a whole is inadequately positioned in terms of IT security. This is in line with the survey results from recent years - the experts' assessment has even become more stringent over the years. In 2021, 66 percent of the experts rated the industry's efforts as "inadequate”, while 77 percent came to the same conclusion. Ransomware attacks continue to dominate as a type of attack - these still often hit companies unprepared.

Ten practical tips for protecting against ransomware attacks

To help companies and organizations protect themselves against ransomware attacks, the ransomware initiative has been formed under the umbrella of eco - Verband der Internetwirtschaft e.V. Members of the initiative are Microsoft, Sophos and Rohde & Schwarz Cybersecurity. For comprehensive protection against ransomware, the initiative recommends ten technical and organizational precautions:

1. Create cybersecurity awareness among your employees. Phishing, whether by mail or phone, is one of the cybercriminals' most successful tools.

2. Use strong passwords and where possible, strong multi-factor authentication.

3. Allow external connections to internal systems only from designated IP addresses or via VPN.

4. Be sparing with the assignment of user rights. Administrator rights in particular should be reserved exclusively for expert IT personnel.

5. Allow apps to be installed only from trusted sources.

6. Unusual network activity is a clear alarm signal, respond to warnings from your monitoring software.

7. Disable scripting environments and macros from external sources. The majority of malware is introduced via Office files.

8. Install timely updates for the software and operating systems you use.

9. Review your business continuity management (BCM) and IT contingency plans and prepare to be temporarily without external service providers in the event of a large-scale cyberattack.

10. Review and test your backup strategy. Backups of all business-critical systems should exist, and restoring them should be tested.

Virtual browser as protection against ransomware

In addition to the above tips, securing Internet access with a virtual browser is a simple but important step to effectively protect against ransomware attacks. The highly secure web browser R&S®Browser in the Box closes the "Internet" security gap via a digital quarantine for attacks: The ransomware software is isolated before it can be executed. As a result, the malware does not have access to the workstation or sensitive network infrastructure at any time. This mechanism also protects against attacks via email attachments while providing support for web conferencing with microphone usage and webcam.

Do you have any questions? We would be happy to advise you individually on how you can protect yourself and your company or organization against ransomware attacks. We look forward to your call or email.