Incident response plans: Is Switzerland "cyber resilient"?
According to the latest Kaspersky study, incident response, that is, preparation for cyberattacks, still seems to have room for improvement at companies in Switzerland. The survey was conducted by Arlington Research on behalf of Kaspersky in June 2023. A total of 200 IT decision-makers in Germany, 50 in Austria and 50 in Switzerland were surveyed on the subject of incident response and cyber security.
The study shows why companies in Switzerland are poorly prepared for cyberattacks and how they can become more cyber resilient with incident response methods. For example, only four in ten (44.0 %) have incident response plans at hand to guide the team in the event of an attack; about the same number (40.0 %) have an incident response playbook on hand. An incident response plan is applicable to a wide range of incidents and assists employees with incident response. In this regard, companies generally seem to lack guidance and preventive measures on how to respond to or prevent incidents. Last year, more than 33,000 digital crime incidents were reported in Switzerland. According to the latest Kaspersky study, 28.0 % of companies in Switzerland have cyber insurance that would cover at least the worst of the costs in the event of a loss. The results of this study can be read as further evidence that Swiss companies, especially SMEs, are rather lax in dealing with the issue of cyber security, as we have already reported here.
Dealing with security incidents
If an attack or malware infection occurs, only a quarter of companies in Switzerland know what to do with the affected devices. Only a quarter (24.0 %) of companies in Switzerland have a centrally documented repository for compromised devices. However, this is important for forensics, as it is the only way to identify the origin of an attack. Companies in Switzerland lack guidelines on how to deal with security incidents: only about half (48.0 %) of the companies have guidelines on how to document security incidents, and nearly as few (44.0 %) have a defined office for reporting incidents.
Lack of preventive security measures
Too few companies have implemented appropriate measures to prevent cybersecurity incidents: Fewer than one-third (32.0 %) use network segmentation to seal devices off from each other. Only one-third (38.0 %) conduct preventive audits. The majority (86.0 %) also forgo simulating or emulating adversaries and threats, whether through tabletop exercises (TTX) or adversary emulations. However, without testing critical processes, there is no way to ensure that they will work and provide support in an emergency.
The picture is similar when it comes to patch management: only around half of the companies (54.0 %) have a policy for it. Yet security vulnerabilities in applications and operating systems are among the most frequent attack vectors in companies. Kai Schuricht, Lead Incident Response Specialist at Kaspersky, attributes this to the complexity of patching: "On the one hand, security gaps are relatively easy to plug, but on the other, the process is usually a bit more complicated than one might think. If companies decide to update their systems, this takes some time. This is because they first have to be tested, released and then distributed. This takes time and naturally increases the time window in which the systems are vulnerable. The time window for successful attacks is also extended. An appropriately thought-out and thus efficient patch management can provide support here and take into account the different requirements of, for example, IT security and production at the same time."
Source: www.kaspersky.de