{"id":8248,"date":"2021-04-07T16:58:04","date_gmt":"2021-04-07T16:58:04","guid":{"rendered":"https:\/\/www.securitytoday.de\/2026\/04\/02\/post_id-2804\/"},"modified":"2026-05-10T19:06:37","modified_gmt":"2026-05-10T19:06:37","slug":"how-decision-makers-can-prevent-attacks-on-mail-servers","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2021\/04\/07\/how-decision-makers-can-prevent-attacks-on-mail-servers\/","title":{"rendered":"How Decision-Makers Can Prevent Attacks on Mail Servers"},"content":{"rendered":"<p><strong>According to the German Association of the Internet Industry (eco), decision-makers must urgently bolster their defenses against the rising tide of attacks targeting email servers. Patch management is the single most critical component of corporate security strategy.<\/strong><\/p>\n<p>Against the backdrop of recently disclosed attacks on email servers, eco &#8211; the German Association of the Internet Industry &#8211; urges companies to rigorously review both their incident response planning and their patch management practices. Markus Schaffrin, eco\u2019s cybersecurity expert and Head of Member Services, states: \u201cSecurity vulnerabilities in software that can be exploited quickly underscore, time and again, just how vital up-to-date patch management and robust incident preparedness are for any organization.\u201d<\/p>\n<p>Cybersecurity experts confirm the paramount importance of both topics when strengthening IT security. According to eco\u2019s <a href=\"https:\/\/www.eco.de\/presse\/eco-it-sicherheitsstudie-2020-unternehmen-ruesten-sich-fuer-den-ernstfall\/\" target=\"_blank\" rel=\"noopener\">2021 IT Security Study<\/a>, 88 percent of companies surveyed by eco rate patch management as a <em>very important<\/em> element of their security strategy.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-2805 size-large\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2021\/03\/eco-befragugung-sicherheitsstrategie-securitytoday-700x525.png\" alt=\"\" width=\"700\" height=\"525\" srcset=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2021\/03\/eco-befragugung-sicherheitsstrategie-securitytoday-700x525.png 700w, https:\/\/www.securitytoday.de\/wp-content\/uploads\/2021\/03\/eco-befragugung-sicherheitsstrategie-securitytoday-250x188.png 250w, https:\/\/www.securitytoday.de\/wp-content\/uploads\/2021\/03\/eco-befragugung-sicherheitsstrategie-securitytoday-768x576.png 768w, https:\/\/www.securitytoday.de\/wp-content\/uploads\/2021\/03\/eco-befragugung-sicherheitsstrategie-securitytoday-120x90.png 120w, https:\/\/www.securitytoday.de\/wp-content\/uploads\/2021\/03\/eco-befragugung-sicherheitsstrategie-securitytoday.png 1024w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/p>\n<h2>Implementation Falls Short<\/h2>\n<p>Yet execution remains inconsistent across many organizations. Eco\u2019s IT Security Study reveals that only around 69 percent of companies have established internal processes to respond effectively to incidents. Another 19 percent at least plan to implement such an incident response plan in the near term. Equally essential is maintaining continuous awareness of emerging threats.<\/p>\n<p>\u201cUp-to-date intelligence on the status of deployed systems and software forms the foundation for sound decision-making  &#8211;  and for effective patching and incident response,\u201d says Schaffrin. He offers five concrete tips to help prevent security vulnerabilities  &#8211;  especially in email servers  &#8211;  in the future:<\/p>\n<ul>\n<li><strong>Inventory<\/strong>: Conduct a comprehensive audit of all software and systems in use: Where is each tool deployed? Which systems are currently active  &#8211;  and which have been decommissioned?<\/li>\n<li><strong>Assign responsibilities<\/strong>: Clearly define who is accountable for what.<\/li>\n<li><strong>Assess and classify risks<\/strong>: Which services are mission-critical for your business? What business impact would vulnerabilities have?<\/li>\n<li><strong>Proactively monitor threat intelligence<\/strong>: Subscribe to alerts and advisories from trusted sources such as the <a href=\"https:\/\/www.bsi.bund.de\" target=\"_blank\" rel=\"noopener\">BSI (Federal Office for Information Security)<\/a> and <a href=\"https:\/\/www.cert-bund.de\/\" target=\"_blank\" rel=\"noopener\">CERT-Bund<\/a><\/li>\n<li><strong>Define and rehearse patching processes<\/strong>: Establish clear procedures for both routine and emergency patching  &#8211;  and regularly train staff through realistic drills.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2>Key Facts<\/h2>\n<p><strong>Average dwell time:<\/strong> Attackers remain undetected inside corporate networks for an average of 204 days.<\/p>\n<p><strong>SMEs in the crosshairs:<\/strong> 43 percent of all cyberattacks target small and medium-sized enterprises (SMEs).<\/p>\n<h2>Frequently Asked Questions<\/h2>\n<h3>What\u2019s the difference between data protection and information security?<\/h3>\n<p>Data protection governs the lawful handling of personal data  &#8211;  including legal basis, purpose limitation, and data subject rights. Information security encompasses the technical and organizational measures designed to protect <em>all<\/em> data against loss, tampering, or unauthorized access.<\/p>\n<h3>Does every company need a Data Protection Officer (DPO)?<\/h3>\n<p>Under German law, appointing a DPO is mandatory if at least 20 people are regularly engaged in the automated processing of personal data  &#8211;  or if special categories of personal data (e.g., health data) are processed.<\/p>\n<h3>What rights do data subjects have under the GDPR?<\/h3>\n<p>The right of access, the right to rectification, the right to erasure (\u201cright to be forgotten\u201d), the right to restriction of processing, the right to data portability, and the right to object. Companies must respond to such requests within one month.<\/p>\n<h2>Related Articles<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/2020\/04\/07\/post_id-2027\/\">Cyberattacks: New Security Gaps Created by Remote Work<\/a><\/li>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/2020\/10\/23\/post_id-2624\/\">Cybersecurity vs. Network Security: What\u2019s the Difference?<\/a><\/li>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/?p=2428\">Auth0 Launches New Bot Detection Solution for Enhanced Protection<\/a><\/li>\n<\/ul>\n<h3>More from the MBF Media Network<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.digital-chiefs.de\" target=\"_blank\" rel=\"noopener\">Strategic IT Decisions for Executives<\/a><\/li>\n<li><a href=\"https:\/\/www.mybusinessfuture.com\" target=\"_blank\" rel=\"noopener\">Business Future: Trends for Decision-Makers<\/a><\/li>\n<\/ul>\n<p style=\"text-align: right;\"><em>Header Image Source: Adobe Stock \/ ridvan_celik<\/em><\/p>\n<p><strong>Fact:<\/strong> According to Bitkom, German companies invest an average of 14 percent of their IT budget in cybersecurity.<\/p>\n<p><strong>Fact:<\/strong> According to IBM, the average cost of a data breach in 2025 stood at $4.88 million.<\/p>\n<\/p>\n<h2>TL;DR<\/h2>\n<ul>\n<li>According to eco\u2019s 2021 IT Security Study, 88 percent of companies surveyed by eco consider patch management a <em>very important<\/em> pillar of their security strategy.<\/li>\n<li>Eco\u2019s IT Security Study shows that only around 69 percent of companies have formalized internal processes to respond to incidents.<\/li>\n<li>An additional 19 percent intend to establish such an incident response plan in the near term.<\/li>\n<li>Schaffrin outlines five actionable steps to prevent security vulnerabilities  &#8211;  particularly in email servers: Inventory: Audit all deployed software and systems\u2026<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"According to the German Association of the Internet Industry (eco), decision-makers must urgently bolster their defenses against the rising tide of attacks targeting email servers. Patch management is the single most critical component of corporate security strategy. Against the backdrop of recently disclosed attacks on email servers, eco &#8211; the German Association of the Internet [&hellip;]","protected":false},"author":55,"featured_media":2806,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"decision-makers","_yoast_wpseo_title":"How Decision-Makers Can Prevent Attacks on Mail Servers","_yoast_wpseo_metadesc":"Mail server security: Protect your organization from cyberattacks with proactive patch management. Learn how decision-makers can strengthen defenses now.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_twitter-image-id":0,"_evm_translation_lang":"","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":["post_id-2804"],"footnotes":""},"categories":[251],"tags":[],"class_list":["post-8248","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"evm_reading_time_minutes":4,"wpml_language":"en","wpml_translation_of":2804,"_links":{"self":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/8248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/comments?post=8248"}],"version-history":[{"count":5,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/8248\/revisions"}],"predecessor-version":[{"id":11915,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/8248\/revisions\/11915"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media\/2806"}],"wp:attachment":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media?parent=8248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/categories?post=8248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/tags?post=8248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}