Many Swiss companies do not even have basic protection
Companies in Switzerland lack basic cybersecurity measures, that is one of the key findings of a Kaspersky study. Although even simple steps could increase the level of security, there is a lack of attention to the topics of password policies, backups and multi-factor authentication.
One in four companies (24.5%) in Switzerland faced more cyberattacks last year. Decision-makers should therefore be aware that a preventive and sustainable cybersecurity strategy is a "must" for sustainable cyber protection, as Kaspersky writes.
Password policies, backups, employee training? Not necessary
As the Kaspersky survey finds, many companies lack basic security measures: Password policies (66%), backup creation (60%) or multi-factor authentication (70%) are still used by too few companies. These are fundamental measures that, together with a dedicated cybersecurity solution, would provide basic protection against attacks.
Furthermore, 46 percent of companies in Switzerland do not regularly train their employees on topics such as spam or phishing - the classic gateways for cybercriminals to obtain access data. The crux of the matter is that the days of poorly written spam and phishing e-mails full of spelling errors are long gone. Today, they can hardly be distinguished from real messages. However, only about two-thirds (62%) of companies use anti-phishing software to protect themselves. In addition, only about half of the companies (54%) currently have a patch management policy. At the same time, security vulnerabilities in applications and operating systems are among the most common attack vectors in companies.
Furthermore, 46 percent of companies in Switzerland do not regularly train their employees on topics such as spam or phishing - the classic gateways for cybercriminals to obtain access data. The crux of the matter is that the days of poorly written spam and phishing e-mails full of spelling errors are long gone. Today, they can hardly be distinguished from real messages. However, only about two-thirds (62%) of companies use anti-phishing software to protect themselves. In addition, only about half of the companies (54%) currently have a patch management policy. At the same time, security vulnerabilities in applications and operating systems are among the most common attack vectors in companies.
Patch Management
"Patching is always a challenge. On the one hand, it is relatively easy to plug security gaps, but on the other hand, the process is usually a bit more complicated than you think," says Kaspersky's Kai Schuricht, on the lack of patch management in companies. "If companies decide to update their systems, this takes some time. This is because they first have to be tested, released and then distributed. This takes time and, of course, increases the window of opportunity for systems to be vulnerable. The time window for successful attacks is also extended. An appropriately thought-out and thus efficient patch management can provide support here and take into account the different requirements of, for example, IT security and production at the same time."
The full Kaspersky study "Incident Response for Prevention - Why companies in Switzerland are ill-prepared for cyber attacks and how they can become more cyber-resilient thanks to incident response methods" is available at https://kas.pr/ir-report_ch
(Visited 249 times, 1 visits today)
