Almost 90% of successful cyber attacks start with phishing attacks / social engineering e.g. via email and the malware activated and spread via this e.g. ransomware, encryption Trojans, spyware. -> With now easily controllable and automated cloud services such as Office365, email signing, email encryption, managed mail security, managed security, cloud backup, this greatest attack security risk can be massively reduced with a relatively small budget.
The unchanged most important basis for such cleverly combined, orchestrated services or countermeasures are current, correctly set up and continuously updated operating systems and endpoint protection services such as virus protection, anti-malware, monitoring, baseline analyzer. -> Here, too, proactive and centrally manageable solutions have been available for a long time, such as well-coordinated policies (GPO, users, computers, network, servers, firewall) Microsoft Enterprise Mobility & Security, behavior monitoring, sandboxing, baselining based on behavior pattern measures and cloud overall solutions.
60% of the data loss with company vital risks, which also endangers reputation, is caused by theft. -> By means of very well combinable cloud services such as document rights management DRM, email encryption, encrypted data exchange via SharePoint / OneDrive, cloud backup and cloud overall solutions, this risk of the increasing threat situation can also be reduced to a minimum.
The focus of cyber risks / cyber war remains on people / employees as the target. However, people / employees can also be involved as active participants in proactive support against ICT risks. This can be done by means of sensitization, training and also by means of an ICT security policy (which can also be submitted as a binding annex to the employment contract). .
With such combined measures, it is already possible to implement a “Security by Design” / “Security by Default” overall solution which is then also compliant with the future Swiss Data Protection Act (DSG), which is currently being consulted on, or within European data protection. Further requirements / compliance specifications, e.g. also from FINMA, ICS, risk management – or according to the obligations along the ICT company strategy – are supported by such preventive measures in a meaningful and budgetable way.
“Make or buy” decisions in the area of such managed security services have become relatively simple. For example, there are internationally active service providers with thousands of security specialists with 7x24h operations / operation centers / response centers. The billions invested in the global security aspects of critical infrastructures (supported with Artificial Intelligence AI, technology alliances) allow an affordable use of such enterprise solutions even for SMEs and micro enterprises due to “economy of scale” effects.
In addition, you may find further useful inputs and hopefully impulse-bringing thoughts here.