Many companies are aware of the operational dangers IT incidents. They are planning investments in technology and know-how and are also approaching new security approaches such as Zero Trust. What the technical decision-makers from trade, industry and the service sector from security solutions is shown by a survey conducted by techconsult, in which Sophos participated.
More than half of all respondents (52 percent) had used a security (26 percent) had experienced one (26 percent) or more security security attacks on their company in the last 12 months. Phishing (42 per cent) and ransomware (36 per cent) take the top spots. Bronze (31 percent) goes to the attack type "insider threat", subtype "negligent" (there is also "criminal", but this accounts for only 15 per cent). To put it bluntly, this includes scatterbrainedness and ignorance on the part of employees. ignorance on the part of employees, external service providers, partner entrepreneurs or ex-colleagues.
The respondents also see these three problems as security threats for their sectors in the coming years. as security threats for their industries: phishing (51 percent), negligent insider threat (34 percent) and ransomware (28 percent). A good third (32 per cent) complained about disruptions and outages in their in the course of business. 26 percent suffered financial losses as well as the loss of sensitive data. At least many companies are addressing the issue at board level (43 per cent). board level (43 per cent) and have a coordinated security and network strategy (42 per cent). security and network strategy (42 per cent). Thus 49 percent have antivirus solutions and malware detection, 41 per cent have a 41 per cent have packet filtering/proxy firewalls and 38 per cent have data backup, backup and recovery solutions in the drawer.
How do companies plan to arm themselves against future threats?
48 percent rely on the use of new
security technologies. Currently, only 16 percent have a
ZTNA (Zero Trust Network Access). But 61 per cent are planning to introduce
architecture, either within 12 months (26 per cent), 24 months (20 per cent) or in the long
months (26 per cent), 24 months (20 per cent) or in the long term (15 per cent). For only
6 percent this security approach is not an issue.
The complexity of the implementation (36 percent), lack of know-how in the (33 per cent), investment costs that are too high (26 per cent), as well as lack (22 per cent each) and insufficiently tested offers from providers stand or providers stand or stood in the way of the introduction of zero trust. to date.
87 percent want to spend more on technical tools and training courses
The secure connection and networking of their branches is a motivation for 58
of those surveyed are motivated to promote Zero Trust more strongly in their
more in the company. Also, more data security and maintaining the
home office infrastructure (both 56 per cent) would also
boost. Protection against insider threats (55 per cent) could
mitigate future fears (see above).
Two-thirds (60 per cent) expect fewer security incidents with a zero trust architecture. with a zero-trust architecture. Also higher access security to applications in the cloud and improved network security (both 57 percent). percent) also expect greater access security to applications in the cloud and improved network security. Onboarding of employees onboarding of employees in the context of New Work is a very high importance (56 per cent). Lower costs and complexity as well as less downtime (both 51 per cent) also speak in favour of Zero Trust.
In view of these attested benefits, companies are planning concrete technical measures in the coming years. These include the encryption of data and transport routes (34 per cent), user profiling and and corresponding guidelines (33 percent), data loss prevention (30 percent) and data loss prevention (30 per cent) and VPN (23 per cent). In addition to technical solutions, the companies are also concerned with organisational measures measures within their Zero Trust architecture. These include emergency and response plans (35 percent), needs analyses and certifications (32 percent each). per cent each). Network segmentation (second to last place with 17 per cent) and the establishment of risk analysis and risk management (15 per cent) are apparently In order to realise all of this, 86 per cent are planning to 86 per cent plan to increase their security budget in the next two years. security budget. The majority of respondents (36 per cent) are aiming for a increase of 11-20 per cent.
About the survey
As part of a multi-client project in which, among others, Sophos was involved
Sophos was involved, 204 companies were surveyed in December 2021,
from retail, IT, logistics, services and industry. In addition to board members
CIOs, CSOs and IT information security officers were the main respondents.
information.