The global and independent platform for the SAP community.
Community News, MAG 24-09

Phishing, DDoS and ransomware

Phishing emails to steal passwords, DDoS attacks to paralyze IT or ransomware attacks to infiltrate malware, encrypt data and extort ransom money - this is part of everyday life for many companies.
E3 Magazine
September 3, 2024
Content:
avatar
This text has been automatically translated from German to English.

Cloud services offer protection against many of these cyberattacks. Of the 81% of companies that currently use cloud computing, more than half state that they have not experienced any cyberattacks on their cloud environment in the past twelve months. A further 35% have experienced attacks, but the security measures have taken effect and reduced the impact. Only six percent experienced major disruptions to operations as a result of the attacks. These are the results of a representative survey of 603 companies with 20 or more employees from all economic sectors in Germany commissioned by the digital association Bitkom.

Digitization and security

Nevertheless, the risk of companies falling victim to a cyberattack remains high: 82% of IT and security managers from 150 companies in Germany surveyed by Lünendonk have observed an increase in cybersecurity risks since the beginning of 2023.
According to 40% of respondents, digitalization in particular is leading to a new quality of threat: As software now permeates practically all areas of the company and more and more business processes are being moved to the cloud, the number of attack opportunities for hackers is increasing. These are the findings of the new Lünendonk Study 2024, "From Cyber Security to Cyber Resilience - A More Complex Threat Situation Requires New Approaches". The study was produced in technical collaboration with KPMG and is available to download free of charge at www.luenendonk.de.

However, the geopolitical situation is also contributing to an increase in threats. Companies see gateways through a lack of email security and associated phishing attacks or inefficient vulnerability management. Despite the increase in IT security risk, 33% of the companies surveyed do not have a complete overview of their specific cyber security status.

Cyber attacks on the cloud are usually repelled. Have you had a cyberattack that affected the cloud environment in the past twelve months? Values in percent (n = 487). Source: Bitkom.

The complexity of cyber defense measures continues to grow, as cyber threats are increasingly coming from both inside and outside the company. 71% of companies see an increased risk of falling victim to a ransomware and/or phishing attack. This risk is further increased by technological developments in artificial intelligence (AI), which will vastly improve the quality of phishing attacks.

According to the study, the risk of insider threats, i.e. the deliberate disclosure of data or intellectual property by employees, has also increased enormously: While 37% of companies still perceived a high threat from this at the beginning of 2023, this figure will rise to 65% in 2024. "Increasing networking and more and more software being used mean that the attack surface for cyberattacks is constantly growing and defending against them is becoming ever more complex. At the same time, hackers are becoming increasingly professional, not least thanks to AI support," says Mario Zillmann, Partner at Lünendonk and Hossenfelder and author of the study, summarizing the developments.

However, the increased use of cloud technologies is also exacerbating the threat situation: 58% of respondents see cloud use as an increased cyber security risk. The companies surveyed primarily identified areas for action in the areas of data encryption and data protection as well as identity and access management. On the other hand, 42% of study participants believe that the use of cloud services has led to an improvement in security levels.

To counter the threat situation, companies are continuing to invest in their cyber security. 45% of the companies surveyed plan to increase their spending on cyber security by five to ten percent in 2024. As the majority of respondents see advancing digitalization as the main reason for the increased threat, 77% are investing more in vulnerability management in order to identify weaknesses in software products at an early stage and rectify them quickly.

Vulnerability and regulation

"The budget allocation thus illustrates the high priority of cyber security at a time when many companies are seeing their IT budgets fall rather than rise due to the economic situation. A key driver is the implementation of regulations such as DORA or NIS-2, which is leading to increased investment in securing IT infrastructures and networks," says Zillmann. For example, 52% of the companies surveyed stated that the Cyber Resilience Act and NIS-2 will lead to additional expenditure on cyber security. "Cloud providers employ highly specialized experts to protect their services and keep them up to date with the latest technological developments. Many IT departments, especially in small and medium-sized companies, are unable to do this," says Lukas Klingholz, cloud expert at Bitkom. "The cloud offers every company the opportunity to bring its IT security up to the highest level."

bitkom.org

luenendonk.com

Write a comment

Oracle Java Usage

Process mining and process intelligence: Digital Twin with PI-Graph

The SAP CEO Alternate

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.