Protecting critical infrastructures is more important than ever. Even though cyberattacks on companies are no longer rare, the risk is still often underestimated. Current developments in IT are supposed to minimize attacks and damages. The question if there will ever be one-hundred percent protection from cybercrime, however, remains unanswered.
Source: Report (+) PLUS Magazin, 11/2018 pp. 5-9
Currently, it seems as if the perpetrators are always one step ahead. Many companies only recognize the damaging incidents when it is too late and the horrific effects can barely be stopped. The increasing digitalization and connectivity of intelligent systems, in particular, are posing new challenges for companies.
“Threats that are difficult to fathom are more frequently underestimated.”
Samuel Brandstätter, avedos GRC GmbH
More and more data is being collected through different channels – sometimes without a clear-cut objective. This results in new attack vectors that must be incorporated into a security solution. The vulnerability of IT systems demands a flexible security by design. The General Data Protection Regulation (GDPR) and guidelines for network and information security (NIS) serve as the motor for all current developments. Companies that handle sensitive and/or valuable data are highly attractive targets for cyberattackers. These incidents are gaining visibility due to the new legal requirements and reporting obligations. Accordingly, data protection is no longer just an issue for IT.
Approximately half of the companies surveyed by Report (+) PLUS stated that they want to increase their budget for cybersecurity within the coming year. The gap between good intentions and actual actions, however, is significant. Most companies allocate a mere 2-5% of their total IT budget to this topic. Due to the complexity and necessity for a sound security solution, there is a clear need to make up ground in this respect.
“Technology can and must protect against vulnerability. The necessary complexity is increasing in sync with the growing IT infrastructure in companies.” Samuel Brandstätter, avedos GRC GmbH
Since organizational and human weaknesses also play a role, technical solutions only help to a certain degree. An information security management system incorporates – in a best-case scenario – all key decision-makers. This colossal task is more than just the responsibility of the CIO or security officer and, therefore, must be firmly anchored across the entire organization.
Get informed on the facts and latest trends in GRC – and stay tuned for upcoming events, webinars, podcast episodes or trainings.