sb-nz logo
Story image

Trend Micro says C-level executives are not prepared for GDPR

Cyber security company Trend Micro has conducted a survey finding that C-level executives are not taking the upcoming General Data Protection Regulation (GDPR) seriously enough.

The survey has found up to 16% of respondents don’t believe they will be impacted by the regulatory scheme, and more than a quarter (28%) admit they have limited or no processes in place for risk management and cloud security within their organisation.

The company says the results indicate some confusion as to exactly what Personally Identifiable Information (PII) needs to be protected.

Of those surveyed, 64% were unaware that a customer’s date of birth constitutes as PII and 42% wouldn’t classify email marketing databases as PII.

32% also don’t consider physical addresses and 21% don’t see a customer’s email address as PII either.

These results indicate that businesses are not as prepared or secure, as they believe themselves to be, as this data provides hackers with all they need to commit identity theft, with businesses facing fines for non-compliance.

Indi Siriniwasa, Trend Micro A/NZ managing director for enterprise and government says it’s concerning that so many Australian organisations are not prepared for the new legislation.

“It has never been more important for organisations to make cybersecurity a key priority, and protect the interests of their customers against cyber security attacks," he says.

“Not only is this a security and prevention issue, but it can also have a disastrous impact on both brand and reputation.”

According to the global survey, 66% of respondents appear to be dismissive of the amount they could be fined without the required security protections in place.

Additionally, 66% of businesses believe reputation and brand equity damage is the biggest pitfall in the event of a breach, with 46% of respondents claiming this would have the largest effect on existing customers.

Trend Micro says these attitudes are especially alarming considering businesses could be shut down in the event of a breach.

In addition, the survey has found businesses aren’t sure who should take ownership of ensuring compliance with the regulation.

Of those surveyed, 31% believe the CEO is responsible for leading GDPR compliance, whereas 27% think the CISO and their security team should take the lead.

The survey has found only 21% of those businesses actually have a senior executive involved in the GDPR process.

Siriniwasa adds, “Increasingly, cyber security is being addressed by executives at a board level which has been triggered mainly by the widespread awareness around the financial and reputational threat that outbreaks such as WannaCry and Petya have had on organisations around the world.

“It’s important for key decision makers including board executives to take shared responsibility to drive much-needed industry change.”

With threats growing in sophistication, businesses often lack the expertise to combat them, and layered data protection technology is required.

GDPR mandates that businesses must implement state-of-the-art technologies relative to the risks faced.

Despite this, only 34% of businesses have implemented advanced capabilities to identify intruders, 33% have invested in data leak prevention technology and 31% have employed encryption technologies.

The GDPR scheme will be implemented globally on the 25th of May 2018.

Story image
Interview: SAS outlines the seven AI-based trends you'll see in 2021
Artificial intelligence has, let's face it, been the subject of much hype, of experimentation, and in some cases, pipe dreams.More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Ransomware and Microsoft Exchange attacks surging 
There are global surges in ransomware attacks alongside increases in cyber attacks targeting Microsoft Exchange Server vulnerabilities, according to Check Point Research.More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
O365 a weak point ripe for exploit, say security professionals
71% of more than 1,000 security professionals have been on the receiving end of a Microsoft 365 account takeover, on average, seven times in the last year alone.More