Story image

NZ firms lack cybersecurity confidence, HP survey says

15 Nov 2018

Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach, but many are failing to do much about it.

A new study from HP New Zealand says that 41% of surveyed businesses have conducted an IT assessment in the last year, leaving many businesses unaware about their security risks.

The survey suggests that a breach may be one of the few ways that businesses are forced to act – of those who experienced a breach in the last 12 year, only 29 have failed to do a risk assessment.

“The consequences of a data breach are severe; from financial to brand and reputation damage,” comments HP New Zealand managing director Grant Hopkins. 

“Organisations need to be vigilant about implementing processes that regularly monitor, detect and report data breaches. Running regular risk assessments and managing your endpoint security is critical in keeping businesses data safe.”

As more New Zealanders work remotely, HP highlights some of the risks that come with flexible working environments.

Of the surveyed businesses, 60% regularly allow remote access, however 42% have a relevant security policy in place.

Although businesses are worried by what HP calls ‘visual hacking’, only a fifth of businesses have integrated privacy screens on desktops or laptops to protect this kind of breach.

Small businesses must be particularly concerned about breaches, as HP says one attack could put an SMB out of business entirely. 

Antivirus products only protect malware running in an operating system, but there are many other risks such as those that can modify boot-time or runtime software.

“Security threats are evolving every day. Due to reduced effectiveness of firewall protection, every device on an organisation’s network is at risk, and unfortunately printing and imaging devices are often overlooked and left exposed,” comments Hopkins.

The study points out that the humble printer is a risk that most businesses overlook – 30% of respondents don’t have security features on their printers (this figure rises to 37% for SMB respondents), and only 35% include printers in an IT security assessment.

“With hackers able to bypass traditional network perimeter security and antivirus programs, it’s time we scrutinise a hardware’s security as closely, if not more, than our external security solutions,” Hopkins says.

HP states that businesses must secure devices, data and identities in order to preserve people’s trust and confidence in businesses and technology.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.