Story image

Almost half of NZ businesses unprepared for data breaches

22 Nov 2018

Forty-five percent of New Zealand businesses rate themselves as not secure on both managing security from different endpoints and protecting company data when employees are working remotely, a study by HP has found.

Only 50% of businesses feel any confidence that they would cope if their business experienced a significant cybersecurity breach.

 The HP New Zealand IT Security Study, conducted in September 2018, surveyed 434 New Zealand small to large businesses across the services, production, retail and hospitality, health and education, and distribution industries.

A key objective of the research was to identify New Zealand SMBs’ approach to IT security, including policies, procedures and risk management and where their perceived weaknesses exist.

“The consequences of a data breach are severe; from financial to brand and reputation damage,” says HP New Zealand managing director Grant Hopkins.

“Organisations need to be vigilant about implementing processes that regularly monitor, detect and report data breaches. Running regular risk assessments and managing your endpoint security is critical in keeping businesses data safe.”

As more New Zealanders work remotely, use personal devices in the workplace, and work in public spaces, traditional security measures and antivirus programs are becoming less effective.

Sixty percent of businesses regularly allow remote working (and remote access to company data) but only 42% of them have a security policy in place.

Furthermore, while visual hacking represented the area of greatest perceived weakness, only one in five businesses have integrated privacy screens on desktops/laptops to protect this type of breach.

Many IT departments tend to focus their efforts around PCs, tablets and other connected devices, but they neglect one of the largest areas of vulnerability: the printer.

The study found that New Zealand businesses have printers that are relatively insecure with 30% not offering any security features and only 35% of businesses including printers in their IT security assessment.

Without embedded security measures like real-time threat detection, automated monitoring, and data encryption, printers are left open and vulnerable to attack.

Not only does this make the confidential and sensitive documents that are printed, scanned and copied by the printer easily accessible for hackers, but risks the entire network being hacked, while bypassing the firewall altogether. 

“Endpoint security – at the device level – is critical. Organisations tend to rely solely on third-party software security to protect their devices when, in reality, stronger and better business security must be integrated into the device itself,” says Hopkins.

“With hackers able to bypass traditional network perimeter security and antivirus programs, it’s time to scrutinise a hardware’s security as closely, if not more, than our external security solutions.”

Today’s SMBs must implement processes and technologies designed to both proactively detect and prevent against a cyber attack.

Chillisoft rounds out portfolio with file integrity vendor
Tripwire is the fourth vendor for Chillisoft in six months, adding critical security controls, vulnerability management and file integrity monitoring.
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Optic Security Group celebrates Axis accolade
Auckland-based business security systems provider Fortlock has picked up an award at Axis Communications’ annual Oceania Axis Partner Summit 2019.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.