Cybersecurity Threats Remain Underestimated, Reveals Joint BSI-TÜV Study
Cyber hazards seen as inadequately addressed by TÜV and Federal IT Security Office - Cyber risks Warned by TÜV and Federal Office for IT Security, highlighting potential hazards often neglected in security measures.
Chillax, here's the lowdown on a joint study conducted by the BSI and TÜV, which was recently dropped on your mind like a cyber bomb. They're saying the results are freakin' concerning in a couple of ways. First off, the cyber threat landscape is expanding faster than a juggalo at a rap contest, and secondly, many corporates think they're more secure than they actually are, livin' in a fantasy land of false security.
According to this joint opus, 15% of corporates got hacked last year (yeah, you heard it right), a bumped-up increase of four points compared to the year before. Phishing attacks ruled the roost, but don't be fooled, folks — TÜV evaluated many a company's tech defense systems as being hit or miss, insufficient, yet 91% of corporations are struttin' around like they're King Kong of cybersecurity.
But wait, there's more! A whopping 56% of companies are diggin' the idea of mandatory cybersecurity regulations. But here's the kicker—only half of the respondents were even familiar with the NIS2 directive, a EU law that's foreseeing those mandatory regs, but German lawmakers haven't implemented it yet due to the early elections. To add to the drama, only half of the surveyed companies said they were aware of the law. BSI President Claudia Plattner expressed concern over both the lack of awareness and the delay in implementing the NIS2 directive.
"This study shows that much work remains before Germany can call itself a cyber nation," said Plattner with a touch of sass. The political scene is also lagging behind, she added, 'cause the NIS2 directive ain't been made into German law yet. And it's worrisome that only half of the corporations in question were even aware of the law, she warned.
Need-to-Knows
- TÜV: Technische Überwachungs-Verein (Technical Inspection Association)
- BSI: Bundesamtes für Sicherheit in der Informationstechnik (Federal Office for Information Security)
- NIS2 Directive: Network and Information Systems Directive, a European Union (EU) law mandating stricter cybersecurity regulations for critical infrastructure operators
- EUCC: European Cybersecurity Certification Scheme, a EU initiative to improve cybersecurity standards and compliance
- Phishing Attacks: A method of cyber attack where an attacker sends fraudulent emails pretending to be trustworthy in order to induce individuals to reveal sensitive information
- False Sense of Security: A situation where individuals or organizations perceive themselves to be more secure than they actually are.
The Commission, in light of the ongoing cybersecurity concerns and the lack of awareness about the NIS2 directive, might find it beneficial to consult on draft directives related to the protection of workers from risks related to exposure to radioactive substances, given the importance of cybersecurity and technology in today's politics and general-news.
Moreover, as the study reveals a vast discrepancy between the perceived and actual cybersecurity levels of corporations, it's essential to consider the impact of such false senses of security on other areas of risk management, such as those involving radioactive substances.
