Protecting against cyber warfare: when cybersecurity automation is less common than cyber insurance

October 16, 2022

Comment: Mirko Bulles, Director Technical Account Management EMEA/APAC at Armis

Since the origins of cybersecurity, there has been a constant chicken and egg conflict between compliance and cybersecurity. The recurring issue in this dispute is who gets first and more attention. Most companies tend to act only after they have been the victim of a security breach by cybercriminals. Others react only when fines for compliance violations threaten their business development. In reality, the two areas are interconnected and compliance is often required to support cybersecurity efforts. At the same time, more budget is needed to keep up with the ever-changing cyber threat landscape and increasing IT sprawl – the unmanageable introduction of more and more IT devices, components, software and interfaces. Ultimately, it is a mix of people, processes and technology (PPT) that protects businesses from cyber attacks, not mere compliance. Worse still, most businesses in critical infrastructures such as transport, healthcare, food and energy are not only at risk from cyber criminals, but also from nation-state actors, or at least those supported by them.

Despite the risk of constant cyber attacks and the daily increase in threats, many IT and OT security professionals in DACH manage their security tools manually to a certain extent. The results of a recent survey of 651 IT security professionals in the DACH region by market research company Censuswide show that less than half of the companies have automated IT security software to detect APTs, which have been identified as the most dangerous groups and are often supported by state actors. On the contrary, 43 percent of these companies manually look for suspicious behaviour through predefined alerts. The reason could be a lack of financial resources, but it seems strange that in the survey, more than 66 per cent of respondents said that their companies have cyber insurance, but of those, only 51 per cent have cyber insurance against security incidents caused by threat actors such as APT groups or could be considered cyber warfare.

The need for automatic detection of security risks, which would reduce response time to infiltrations and cyber-attacks, seems to be less important than having cyber-insurance. This result suggests that covering potential damage seems to be more important than preventing damage beforehand. This conclusion also fits the picture of the conflict between cyber security and compliance mentioned at the beginning. The majority of experts surveyed stated that they are currently in the process of taking additional technical and organisational measures to be compliant with the latest regulations such as the IT Security Act 2.0 in the case of CRITIS operators or for B3S in the case of hospitals.

However, the problem remains: You can only protect what you can see. As long as the goal is to clean up a potential mess and show law enforcement that the company has complied, these issues will not be addressed. Executives need to understand that compliance and purchasing cyber insurance will not protect against a security incident, but that it takes people skills, processes that work and innovative technology to protect the organisation from cyber-attacks. Transparency is key to protecting the various IT, OT, IoT and IomT environments. Knowing – what the assets are, how many there are, where they are, how they behave, how important they are and whether they are vulnerable in any way – these are all questions that ultimately all organisations need to find answers to, especially in these times of uncertainty.

Genetec

Related Articles

Belgium becomes football world champion, at least digitally

> The big digital check for the World Cup by nexum AG> Germany in 3rd place behind the Netherlands, but ahead of England, France and Spain In the next four weeks, the sporting world champion will be determined among the best football teams. But already today a winner...

Every fifth German open to e-prescription

Every fifth German open to e-prescription

Seniors over 65, however, are in favour of the completely analogue or predominantly analogue variantOne in five Germans would want to redeem a doctor's prescription exclusively digitally in future. Another 21 per cent would choose the digital option for the most part....

Stupid pupils cost the economy around 700 billion euros

Stupid pupils cost the economy around 700 billion euros

According to the ifo study, two-thirds of young people globally do not achieve basic skills Two-thirds of young people worldwide do not achieve basic skills that should be taught in school. This is according to a new study by the Ifo Institute (https://ifo.de). In...