The cyber security situation in Germany is improving, but with attacks increasing in severity and the skills gap widening, progress is not being made quick enough and this could leave businesses at risk.
So what is the state of cyber security in Germany moving into 2020? And more importantly, what can you do to manage your cyber risk?
Germany is considered less prepared than other Western European nations In the most recently available ITU Global Cybersecurity Index, Germany ranks 13th in Europe for its commitment to cyber security, and 22nd on the global ranking (up two positions from the 2017 report).
Germany’s answer to cyber crime in recent years has been to introduce more stringent legislation, but some experts believe this isn’t enough.
“The theory that passing more stringent legislation somehow makes a country safer, does not add up in my view,” Professor Alan Woodward, of the Surrey Centre for Cyber Security, told Raconteur. “[...] Cybercriminals, whether they’re state sponsored or working for themselves, don’t have any respect for the rule of law.”
Professor Woodward went on to note that laws rarely keep up with the fluid, fast-evolving nature of the digital world, and suggested that a better option for Germany would be to promote information-sharing between EU states, and to champion cyber awareness.
When an organisation reacts to a cyber breach, it’s already too late. Reactive strategies are important, of course, but these must be coupled with proactive defence initiatives to patch known vulnerabilities.
As was noted in the Federal Office for Information Security’s “The State of IT Security in Germany” report from 2018, most German organisations are “particularly focused” on reactive measures. Security-conscious behaviour was minimal, with only 45% of respondents securing their personal data, just 37% installing available updates immediately, and less than a third keeping up to date with the latest information on cyber security.
While bot infections and ransomware are growing threats, malware remains a significant problem in Germany. More than half of the attacks noted in 2018 were malware infections, according to the 2019 version of the State of IT Security in Germany. These infections were designed to penetrate corporate IT systems to perform “malicious operations”.
The report found that the total known malware variants hit an all-time high in 2019 (closing in on 1 billion), and that there were 114 million new variants found last year.
The era of cloud technology has been of great benefit to organisations. However, cybercriminals also have their hands on the cloud, and can use it to pump out ferocious distributed denial-of-service (DDoS) attacks.
In 2016, according to the 2019 State of German IT Security report above, the share of cloud-based DDoS attacks in Central Europe was a mere 2%. In 2018? That had risen to 59%.
And these attacks have significant force - in 2019, DDoS attacks hit a peak bandwidth use of 300 Gbps. 2018’s peak was just greater than 100 Gbps. Your average single user would typically require just 1-10 Gbps from their cloud provider, showing the real scale of these attacks.
It’s been known for some time that there’s a distinct lack of cyber security professionals in Europe, and that trend has and likely will continue.
Just over 80% of German respondents to a survey by McAfee agreed there is a skill shortage in this area within their organisation as well as their country. Additionally, survey participants felt that this year 15% of cyber security jobs would go unfilled in their company.
Looking at Europe as a whole, (ISC)2 predicts around 561,000 cyber security jobs will go unfilled, with 4.07 million going unfilled around the globe.
Protecting your organisation may require a high degree of business transformation - driving rapid performance improvements across departments, including developing cyber resilience strategies and building a strong digital cyber culture.
Such cyber security programs are built one step at a time, and at dig8ital, we’re the experts who can help you achieve this. But we know that every team is different. Want to learn more about how we can help your organisation in particular? Contact our team today.