
Digitization of processes

Increasing digitization of processes is inevitable for German companies. In this context, vulnerability management is becoming increasingly complex and, not least because of shadow IT, harder to keep track of.
E-3 Magazine
March 9, 2023
This text has been automatically translated from German to English.

81 percent of large German companies have deficits in dealing with vulnerabilities

The regularity and depth of vulnerability scans are of crucial importance here. But it is precisely in this area that German companies show fundamental deficiencies that can lead to serious consequences. Regularly examining one's own IT infrastructure for vulnerabilities is one of the core aspects of minimizing security risks through a forward-looking strategy. In 45 percent of the companies surveyed, for example, the IT infrastructure is scanned for security gaps with a software solution on a daily basis, and in more than one in three on a weekly basis. By contrast, one in five German companies carries out such a scan only once a month (10 percent) or irregularly, without a routine (11 percent).

This shows that the regularity of security scans varies greatly with the size of the company: the larger the company, the more frequently scans are performed. Especially in IT infrastructures that have grown over time and become complex, routine and continuous vulnerability scans must complement the IT security concept; otherwise companies run the risk of falling victim to cybercriminals. In cooperation with ManageEngine, the research and analyst firm Techconsult investigated how vulnerability management is structured in German companies and what role software solutions play in this context. For this purpose, 150 IT managers from companies with at least 2000 employees were surveyed in the now published study "Efficient vulnerability management in dynamic IT infrastructures: How German companies deal with IT security risks".

Critical gaps can be closed more efficiently not least with the help of a holistic software solution. However, only one in three companies surveyed (33 percent) uses a holistic solution for scanning, assessing and remediating vulnerabilities.

In contrast, 38 percent of organizations use two separate applications for assessment and remediation, which can lead to a more cumbersome and longer remediation process. The longer a vulnerability remains open, the greater the risk of attack, because cybercriminals seek out precisely these "open gates." One in ten companies (11 percent), meanwhile, appears to be at a permanently high risk. These companies forgo supporting software solutions entirely and rely only on manual vulnerability assessment and remediation, which leads not only to a disproportionately high burden on IT security managers, but also to more security breaches. The extent to which these two factors play out depends directly on the complexity of the IT infrastructure in question.

To reduce the extent of potential damage, the companies surveyed prioritize identified vulnerabilities primarily according to damage potential (54 percent) and exploitability (47 percent). This is because highly critical vulnerabilities that can be easily exploited and cause major damage should be closed immediately and with the highest priority. In addition, severity and vulnerability (45 percent) and the number of affected systems (43 percent) are often used for prioritization. As part of a forward-looking security strategy, vulnerabilities should be assessed using software in order to prioritize them reliably and thereby minimize risks.
