Security initiatives for SMEs would be an important accompanying measure to technology-assisted IT security. A study carried out by Detecon International on behalf of BMWi shows, however, that although the programmes are good at explaining matters, they offer hardly any specific help. However, compared on an international level, German projects are still the best.
The initiative S scores particularly well here. It is supervised by eco, the Association of German Internet Economy, and sponsored by the Federal Ministry for Economic Affairs and Energy (BMWi). The companies can register via the initiative’s homepage to have their own website checked. The data is then validated and security experts within the Association check the website on a regular basis for malware and other malicious changes.
Most of the state-run initiatives whose purpose is to improve IT security within medium-sized companies are aimed at increasing awareness of the problem among corporate managers. Although this is an indispensable precondition, it is not enough by any means. In many cases, there is a particular lack of customised technical aids. Apparently only a small percentage (35%) is geared towards the specific IT objectives listed in the Baseline Protection Catalogue issued by the German Federal Office for Information Security. According to the survey, important measures regarding access control, for example, are not taken into account.