Despite the digital boom, there is still a lack of budget for enhanced IT security.

by Patrick Müller
25.05.2021

Cyber-attacks can threaten the very existence of companies. However, many businesses still do not invest enough in secure IT systems. Current research projects are developing approaches to help even small companies protect themselves cost-effectively.

The Federal Office for Information Security (BSI) recommends investing up to 20 percent of IT spending in security. While this may be a somewhat general guideline and varies depending on the business model, size, and industry, in my opinion, more budget for IT security would certainly be desirable!

Last week, I had an insightful exchange with Sylvia Meier from Springer Professional about gaps in IT security, ransomware, and how companies can raise employee awareness around cybersecurity.

The article by Sylvia Meier featuring excerpts from our conversation is available online at Springer Professional:
➡️ Despite the digital boom, there is still a lack of budget for enhanced IT security


Additional Details:

Cybersecurity is more important than ever!
The numerous attacks in recent times consistently prove this. The point raised in the latest Arvato Systems Whitepaper, that unintentional human errors lead to security risks, should not be underestimated. The referenced Microsoft Security Report attributes 71% of cyber-attacks to this cause. This was also confirmed in a recent Sophos study on data ransom cases, which reported that 61% of these ransomware attacks stem from employee or external service provider involvement.
➡ Training all employees on IT-related issues is crucial!

Employee training always pays off, in this case in the form of anti-hacker training that raises awareness of cybersecurity. According to the international Sophos study on data ransom cases, 61% of these ransomware attacks were linked to actions involving employees or external service providers.

I assume that this was unintentional "assistance," and that better vigilance through training could have prevented some incidents. While Sophos doesn't explicitly cover employee training, the study does offer some recommendations for prevention, including my favorite topic: backup. 😉

Additional findings from the study:

  • 59% of attacks also encrypted data in the cloud,
  • For the first time, service providers working within the company were listed as a cause,
  • Ransom payments did not always lead to data recovery,
  • Most data was recovered from existing backups.

Should you fall victim despite all precautions, then don't pay but instead contact the #noMoreRansom initiative by Europol: ➡️ No More Ransom Project


Further Reading:

Backup as Part of IT and Cybersecurity


Patrick Müller
Lecturer & Author | Data Analytics, IT Forensics, and Fraud Detection | Building & Training In-House Analytics Teams & Architectures in Corporations
