The Kovid pandemic has significantly helped the digitisation of domestic companies, but their approach to cybersecurity is still insufficient. This is confirmed by the experience of ethical hackers who check the security of corporate IT infrastructure or web and mobile applications through penetration tests.
“While foreign companies order penetration testers for twenty to thirty mandays, in the Czech Republic we get a time limit of half that at most on similar projects,” confirms David Pícha, business manager in the field of cybersecurity at Integra EMEA.
Referring to the rule that applies in cybersecurity: ‘Your systems must resist all attacks – hackers only need to be lucky once’, David Pícha points out that penetration tests should be carried out to a sufficient extent.
So the domestic approach is being taken away by the testers. “Ethical hackers are in an awkward situation. We want them to do a 100 percent job, but they should have much more time to do it,” explains the cybersecurity expert. Meanwhile, the cost of a pentest typically represents about half a percent of a company’s annual investment in IT technology and cybersecurity, and the tests can prevent tens of millions in damage.
Czech companies still do not pay enough attention to cybersecurity. According to the CEO Survey 2021 by consultancy PwC, while 13% more respondents than a year ago take the risk of cyber threats seriously among company bosses, it is still only 49% of CEOs, making it only the 14th most important danger – while misinformation is more important at number 8, inflation tenth or the environment twelfth. Seven per cent of Czech bosses are even planning to cut back on cyber security in response to Kovid.
“It shows that our market is still immature in some sense. Managers’ approach to cyber threats is exactly the opposite compared to Western trends. Growing digitalization is an increasing temptation for hackers to open a backdoor into any company, and it is far from being a threat only for large companies,” concludes David Pícha from Integra. A study by Accenture, for example, showed that 43% of cyberattacks targeted small businesses.
