In order to be better able to defend yourself against cyber attacks, it is important to know all available information about the tactics of potential attackers. However, according to a representative survey by cyber defense specialist Mandiant, 81 percent of cyber security decision-makers stated that the majority or even all decisions regarding cyber security strategy in their organization are made without information about potential attackers.
35 percent of respondents in Germany expressed alarm because their organization does not have comprehensive knowledge of different hacker groups and their tactics, techniques and procedures.
The problem seems to lie with the higher management level, which underestimates cyber dangers. 62 percent of the security forces surveyed by Mandiant call for a rethink in German management floors. 95 percent are of the opinion that cyber security strategies cannot be adapted to the dangers quickly enough when new threat intelligence is available – not necessarily because there is a lack of expertise, but because too little is invested in this dynamic sector.
Jens Monrad, Head of Client Intelligence, EMEA at Google Cloud, also views the situation of German companies critically: “Organizations in Germany remain a popular target for cybercriminals. With a string of significant security incidents in this young year, security professionals are more aware than ever of the need for better security practices.” However, Monrad warns that security teams at German companies often struggle to keep up with the rapidly changing threat landscape. “Security teams should therefore acquire threat intelligence,” said Monrad, “that is trustworthy, timely, actionable, and relevant intelligence (tactical, operational and strategic in nature) regularly with relevant stakeholders up to senior management level. Then organizations can make security and business decisions with insight into the potential attackers.”
