<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Free Quickscan →
Cybersprint Digital Risk Protection Platform

The Cybersprint Platform

We’ve developed a unique Digital Risk Protection SaaS-platform that works 24/7 as an automated ethical hacker, continuously in search of online vulnerabilities. Read more

Cybersprint provides realtime insights

Make the world more cyber-secure

Cybersprint protects organisations by providing real-time insights into their online footprint. Read more

close

Comparing Germany's Digital Risk to Western Europe's

by Cybersprint Blog Jan 28, 2020

Cybersprint is expanding their services in Germany. The development and awareness of cyber security in the German markets is interesting to see. This inspired us to make a comparative analysis of the cyber-resilience between German organisations and those in the rest of Western Europe. Does the German approach to regulatory control and cybersecurity result in a noticeable difference?

Finding various vulnerabilities

We used our Digital Risk Protection platform for this research. With it, we built the online footprints and attack surfaces of 50 German organisations. The method resembles that of a hacker’s: outside-in. We inventory subdomains, web pages and other assets using the organisations’ brand names. These 50 organisations have over 70,000 associated digital assets combined, with the largest over 10,000 and the smallest a handful. The organisations’ services, products and markets varied to make the results more representative.

Next, every individual asset is assessed based on the risks, from configuration errors, to email security and GDPR compliance. Some of these vulnerabilities are more critical than others. That’s why the platform assigns risk ratings from A (‘nothing to worry about’) to F (‘in need of immediate attention’). As a result, customers to our platform have 24/7 access to real-time insights into their footprint: empowering them to prioritise and remediate.

Obviously, only passive, non-invasive techniques have been used in gathering the data.

Ranking the risks

We compared two high-level outcomes:

  • The distribution of the security ratings (A – F)
  • The distribution of the risk categories

cyber security rating Germany

Figure 1. Percentages of total asset security rating per organisation.

We can see that, out of the 70,000 assets, 2% have an F rating, and an additional 6% have an E rating. This might sound bad, but it’s consistent with the control group.

Furthermore, we identified six kinds of risk categories:
Domain security = such as DNSSEC, subdomain takeovers
Email security = email spoofing, email authenticity, etc (can be fixed with e.g. DMARC)
Encryption = SSL security certificates, can someone intercept the website traffic?
Regulatory risks = cookie settings, GDPR compliance
Software configuration  = making it possible to see on what software your systems run
Vulnerabilities = older software versions containing known bugs

As can be seen in figure 2, four kinds of risks are very low and almost identical for the German and the Western European organisations. Vulnerabilities, domain security, encryption and regulatory risks only deviate by 1%, if at all. Initially, we expected the regulatory risks to show a bigger difference. However, regulatory risks across Germany and Western Europe are quite alike; 48 out of 50 brands have them.

Risk categories
Figure 2. Distribution of the risk categories in relation to the number of assets between the organisations in Germany and those in Western Europe.

The remaining two risk categories are a different story, though. Both groups show a much higher percentage of email security and software configuration vulnerabilities than in the other four categories. Although there are slightly less configuration errors detected for the German organisations, 57% of all detected German risks were email configuration errors, compared to the 48% in the control group.

Conclusion

While a lack of email security (such as configuring DMARC) is a wide-spread phenomenon, we do advise organisations to take action, since many attack types rely on email spoofing. Still, as for the overall comparison between the cybersecurity in Germany and Western Europe, our research doesn’t show a big difference or gap over the organisations subjected to the analyses.

The value of your digital footprint

Many risks, such as shadow IT, data leaks and advanced attacks, can be minimised by removing blind spots in your digital footprint. At Cybersprint, we believe that risk extends beyond the perimeter, and there’s more risk than just attacks: brand abuse, third party and regulatory risks are all addressable by monitoring your digital footprint, continuously and in real-time.

From risk to remediation, Cybersprint offers full visibility into your digital assets and their associated risks, with continuous, real-time, automated digital footprint monitoring.

online footprint visualisation

 

Comparing Germany's Digital Risk to Western Europe's

Cybersprint is expanding their services in Germany. The development and awareness of cyber security in the German markets is interesting to see. This inspired us to make a comparative analysis of the cyber-resilience between German organisations and those in the rest of Western Europe. Does the German approach to regulatory control and cybersecurity result in a noticeable difference?

read more

How banks can avoid biting in a phisher's hook

How do you rob a bank in 2019? Forget balaclavas, safecrackers and getaway cars. All you need is a laptop, some software and a little imagination. The result? A phishing “business”, which fools online banking users into thinking they are logging into their account, when they are actually giving away their login details to cybercriminals. Bank customers have always been the easy target in this kind of scam. A report from Kaspersky Labs found that almost 50% of phishing campaigns used this method. But as banks have improved their fraud prevention measures to protect their customers, the focus of the phishers has broadened to include the banks themselves.

read more

Cyber-resilience for government: how safe are you and your citizens?

As more and more public services go online, citizens need to feel they can trust governments with their data – especially those reluctant to start using digital versions of familiar services such as passport renewal or residency registration. Moreover, sensitive government documents and sensitive communication channels between departments and politicians need to be kept secure, even as cyberthreats become increasingly sophisticated and effective. Digital Risk Protection (DRP) solutions are a key element of cyber-defence strategies for public sector organisations when it comes to keeping citizens, politicians and their data safe.

read more

Do you have a question?

Our experts have the answers

Contact us