UK Orgs: Less Than Half ‘Fully Aware’ of GDPR, Malware Top Security Concern

Security and traffic visibility solution companies LogRhythm, ForeScout and Gigamon have joined forces to carry out jointly-commissioned research assessing the current state of play regarding UK cyber-readiness, the biggest threats to business security and C-level concerns.

Of the 2000 IT professionals the firms quizzed in the survey, less than half (47%) of UK businesses were fully aware of the EU General Data Protection Regulation (GDPR), despite the pending regulations being widely publicized. Furthermore, only 40% were fully aware of the NIS Directive, which, like the EU GDPR, comes into effect in 2018, meaning only a third of businesses felt they were currently prepared to meet both regulations.

Speaking at a press roundtable in London this week, Ross Brewer, vice-president and managing director EMEA at LogRhythm, said that the GDPR represents a “massive shift” in the security regulation landscape, arguing that “boards really need to get a handle on this topic because it’s going to catch them out.”

“With fines of up to 4% of their global turnover at stake, businesses simply cannot afford to take the ‘wait and see’ approach,” he added.

In terms of the biggest security concerns looming over companies, 42% said that malware was the number one worry; more than a third noted stolen credentials as the main threat, whilst 27% opted for web vulnerabilities. What’s more, 80% of respondents said their confidential data may be vulnerable to attack, with 44% admitting to suffering a breach and three-quarters of those losing sensitive data as a result.

“There’s been a fundamental shift in the industry in the last decade,” explained Brewer, “which is the fact that we’ve built these environments on a prevention-centric security strategy on the basis that we can build a perimeter, protect our assets and these people [cyber-criminals] aren’t going to get into our infrastructure and they won’t have access to our assets, so we’re going to be okay. Clearly, that’s been proven the world over to be a fallible strategy. It’s no longer ‘if’ we’ll get hacked, it’s when we’ll get hacked and how quickly can we identify and recover from it.”

When it comes to visibility across the entire network, a resounding 96% of those polled believed this to be an important part of defending company data. However, almost three-quarters also admitted that they need to improve their detection, prevention and response capabilities.

ForeScout’s VP of sales Myles Bary, also speaking at the roundtable, said that now is the time that businesses need to reduce their security risks by having better visibility of devices when they connect to the network.

“In every organization that we see, there are more devices attached to the network than they thought they had,” he warned. “We’re able to give them the actual data points that they have 30% more devices [for example] attached to the network than they thought they had; we’ve even had organizations with up to 60% more devices, which is pretty horrific if you consider that they are there to know exactly what is on their network, and they just don’t know.”

Finally, the research revealed that there is a growing demand from businesses for better collaboration amongst security vendors. Just over half of the organizations polled use more than five security suppliers, with 82% wanting security vendors to offer more complementary – as opposed to competing – products and work together more effectively to fight hackers.

“Too many businesses are struggling to fight today’s ever-determined hackers, which means security vendors need to make sure they are fighting smarter, together,” argued Trevor Dearing, marketing director EMEA at Gigamon. “The problem for many businesses is that they don’t know where to start, subsequently picking ad-hoc solutions that fail to integrate. But that integration is critical to detecting, isolating and eliminating threats before any damage has been done.

“It’s our responsibility, as leaders in our field, to join forces so that they can maximize their data and investments as much as possible. After all, the cyber-criminals are increasingly pooling resources and working collaboratively – so why shouldn’t we?”

Source: Information Security Magazine