7 April 2021

How Decision-Makers Can Prevent Attacks on Mail Servers

According to the German Association of the Internet Industry (eco), decision-makers must urgently bolster their defenses against the rising tide of attacks targeting email servers. Patch management is the single most critical component of corporate security strategy.

Against the backdrop of recently disclosed attacks on email servers, eco – the German Association of the Internet Industry – urges companies to rigorously review both their incident response planning and their patch management practices. Markus Schaffrin, eco’s cybersecurity expert and Head of Member Services, states: “Security vulnerabilities in software that can be exploited quickly underscore, time and again, just how vital up-to-date patch management and robust incident preparedness are for any organization.”

Cybersecurity experts confirm the paramount importance of both topics when strengthening IT security. According to eco’s 2021 IT Security Study, 88 percent of the companies surveyed rate patch management as a very important element of their security strategy.

Implementation Falls Short

Yet execution remains inconsistent across many organizations. Eco’s IT Security Study reveals that only around 69 percent of companies have established internal processes to respond effectively to incidents. Another 19 percent at least plan to implement such an incident response plan in the near term. Equally essential is maintaining continuous awareness of emerging threats.

“Up-to-date intelligence on the status of deployed systems and software forms the foundation for sound decision-making – and for effective patching and incident response,” says Schaffrin. He offers five concrete tips to help prevent security vulnerabilities – especially in email servers – in the future:

  • Inventory: Conduct a comprehensive audit of all software and systems in use: Where is each tool deployed? Which systems are currently active – and which have been decommissioned?
  • Assign responsibilities: Clearly define who is accountable for what.
  • Assess and classify risks: Which services are mission-critical for your business? What business impact would vulnerabilities have?
  • Proactively monitor threat intelligence: Subscribe to alerts and advisories from trusted sources such as the BSI (Federal Office for Information Security) and CERT-Bund.
  • Define and rehearse patching processes: Establish clear procedures for both routine and emergency patching – and regularly train staff through realistic drills.

Key Facts

Average dwell time: Attackers remain undetected inside corporate networks for an average of 204 days.

SMEs in the crosshairs: 43 percent of all cyberattacks target small and medium-sized enterprises (SMEs).

Frequently Asked Questions

What’s the difference between data protection and information security?

Data protection governs the lawful handling of personal data – including legal basis, purpose limitation, and data subject rights. Information security encompasses the technical and organizational measures designed to protect all data against loss, tampering, or unauthorized access.

Does every company need a Data Protection Officer (DPO)?

Under German law, appointing a DPO is mandatory if at least 20 people are regularly engaged in the automated processing of personal data – or if special categories of personal data (e.g., health data) are processed.

What rights do data subjects have under the GDPR?

The right of access, the right to rectification, the right to erasure (“right to be forgotten”), the right to restriction of processing, the right to data portability, and the right to object. Companies must respond to such requests within one month.

Header Image Source: Adobe Stock / ridvan_celik

Fact: According to Bitkom, German companies invest an average of 14 percent of their IT budget in cybersecurity.

Fact: According to IBM, the average cost of a data breach in 2025 stood at $4.88 million.

TL;DR

  • According to eco’s 2021 IT Security Study, 88 percent of companies surveyed by eco consider patch management a very important pillar of their security strategy.
  • Eco’s IT Security Study shows that only around 69 percent of companies have formalized internal processes to respond to incidents.
  • An additional 19 percent intend to establish such an incident response plan in the near term.
  • Schaffrin outlines five actionable steps to prevent security vulnerabilities – particularly in email servers: Inventory: Audit all deployed software and systems…
Tobias Massow

About the author: Tobias Massow

A magazine by Evernine Media GmbH