Story image

NZ firms lack cybersecurity confidence, HP survey says

15 Nov 2018

Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach, but many are failing to do much about it.

A new study from HP New Zealand says that 41% of surveyed businesses have conducted an IT assessment in the last year, leaving many businesses unaware about their security risks.

The survey suggests that a breach may be one of the few ways that businesses are forced to act – of those who experienced a breach in the last 12 year, only 29 have failed to do a risk assessment.

“The consequences of a data breach are severe; from financial to brand and reputation damage,” comments HP New Zealand managing director Grant Hopkins. 

“Organisations need to be vigilant about implementing processes that regularly monitor, detect and report data breaches. Running regular risk assessments and managing your endpoint security is critical in keeping businesses data safe.”

As more New Zealanders work remotely, HP highlights some of the risks that come with flexible working environments.

Of the surveyed businesses, 60% regularly allow remote access, however 42% have a relevant security policy in place.

Although businesses are worried by what HP calls ‘visual hacking’, only a fifth of businesses have integrated privacy screens on desktops or laptops to protect this kind of breach.

Small businesses must be particularly concerned about breaches, as HP says one attack could put an SMB out of business entirely. 

Antivirus products only protect malware running in an operating system, but there are many other risks such as those that can modify boot-time or runtime software.

“Security threats are evolving every day. Due to reduced effectiveness of firewall protection, every device on an organisation’s network is at risk, and unfortunately printing and imaging devices are often overlooked and left exposed,” comments Hopkins.

The study points out that the humble printer is a risk that most businesses overlook – 30% of respondents don’t have security features on their printers (this figure rises to 37% for SMB respondents), and only 35% include printers in an IT security assessment.

“With hackers able to bypass traditional network perimeter security and antivirus programs, it’s time we scrutinise a hardware’s security as closely, if not more, than our external security solutions,” Hopkins says.

HP states that businesses must secure devices, data and identities in order to preserve people’s trust and confidence in businesses and technology.

Chillisoft rounds out portfolio with file integrity vendor
Tripwire is the fourth vendor for Chillisoft in six months, adding critical security controls, vulnerability management and file integrity monitoring.
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Optic Security Group celebrates Axis accolade
Auckland-based business security systems provider Fortlock has picked up an award at Axis Communications’ annual Oceania Axis Partner Summit 2019.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.