Making IT security a top priority
Security needs strategy
When companies move their business processes towards mobility, collaboration or the cloud, going without IT security is unthinkable. But a security concept is not only a challenge – it's also an opportunity.
Digitization and networking ensure prosperity. This is evidenced by the example of Germany: According to a study conducted by trade organization BITKOM, digitization employed approximately an additional 1.5 million people in the Federal Republic of Germany in 2012. The same applies to many other countries. When companies want to successfully digitize and network, they need the trust of their customers and partners. Therefore, the IT security needs to be ensured from end-to-end, involving not only the protection of data but also of communication channels.
And: IT security is top priority. Last but not least, this is because the classic risk assessments such as payment defaults and production downtimes are being supplemented by cyber attacks and industrial espionage with incalculable consequences for companies and management: This ranges from business losses due to a DDoS attack (Distributed Denial-of-Service) to a damaged reputation due to loss of customer data to personal liability on the part of management. The latter can easily cost EUR 50,000 if negligence is proven - with a prison sentence of up to two years in the case of malicious intent.
Many decision-makers underestimate the possible damage
According to the Global IT Security Risk Survey by Kaspersky, nine out of 10 companies had already been the target of a cyber attack. In contrast to this are the results of Deutsche Telekom's Cyber Security Report: According to the report, more than half of decision-makers in the political and economic sectors only assume a slight risk of serious damage caused byhacker attacks. Very wrong! In the spring of 2013, hackers were able to abscond with around GBP 1.3 million after breaking into the IT systems of a British bank. In the same year, a gang in the USA perpetrated an online bank robbery to the tune of EUR 34 million. And during the 2013 Christmas shopping season in the USA, 160 million data records were stolen from customers, including credit card data and PINs.
But not allcyber attacksare necessarily about money. Competing companies and other countries' intelligence services are more into espionage in order to gather information. If the rights of third parties are violated due to this, e.g. in regard to data protection, then companies are liable for this, depending on the laws of the respective country.
Increasing cyber attack targets
One thing is clear: Be it at one's own data center or in thecloud, without IT security companies soon run into existential problems. Hundreds of thousands of new viruses, worms and Trojans are created every day. The experts of Telekom's Cyber Emergency Response Team (CERT) know that the attackers are becoming increasingly professional and their methods increasingly sophisticated.
At the same time, the potential targets for attacks are increasing as well: the number of machines, systems, devices and products with Internet access is rising fast. As is the use ofmobile devices. In the future companies will have to do more to protect their data and networks. And not with stand-alone solutions but rather with comprehensive security concepts, which should in turn be a part of an IT strategy. This strategy includesnetwork securityas the basis as well as secure cloud-based services and secure mobilization of business processes. Also included are consulting by strong partners as well as creating awareness among one's own employees. This can be achieved with a clear IT security policy and corresponding training. Certifications and audits help you achieve and maintain quality standards in IT security.
In The Global State of Information Security 2013 study, PwC states that only four out of 10 companies employ a Chief Information Security Officer. As one of the first DAX-listed companies, Deutsche Telekom promoted the Data Privacy, Legal Affairs and Compliance department to board level. Telekom also introduced the Privacy and Security Assessment a few years ago. This process entrenches the "technical security" and "data protection" aspects into development processes early on, i.e. deep into a company's DNA. Security is a design factor here. This transformation towards comprehensive IT security is top priority because it's about ensuring companies' existence.