LogRhythm, Gigamon and Forescout Technologies have published the results of jointly-commissioned research into UK cyber-readiness, C-level concerns and the biggest threats to business security today. The survey of 2,000 IT professionals, conducted by Atomik Research, revealed that less than half (47 percent) of UK businesses are fully aware of the EU General Data Protection Regulation (GDPR), despite the pending regulations being widely publicised. Furthermore, only 40 percent are fully aware of the NIS Directive, which, like EU GDPR, comes into effect in 2018. Only a third (33 percent) of businesses feel they are currently prepared to meet both regulations,. Other key findings include:
- 54 percent are concerned about the impact Brexit will have on cyber security regulations
- 44 percent are aware that they have suffered a data breach, with 69 percent of these businesses losing sensitive data as a result
- 80 percent believe their confidential data may be vulnerable to attack
- While 96 percent believe visibility into their networks is important or useful, 74 percent think that they need to improve their detection, prevention and response capabilities
“There’s clearly a long way to go when it comes to educating businesses on how to remain compliant as we approach the deadline for EU GDPR compliance,” said Ross Brewer, VP and MD EMEA at LogRhythm. “While these results indicate that businesses are concerned about how they can protect their data, it doesn’t appear to be translating into practice. Hackers are persistent and creative, and unfortunately more often than not they are able to get in, which can lead to substantial reputational damage – just look at the TalkTalk and Yahoo data breaches. Combine this with stricter rules and harsher punishments for lax security and the impact of a successful breach is even more serious. Having the ability to detect an attack as soon as it happens will be key to staying compliant with the new regulations and this can only be achieved by having full insight into networks. With fines of up to four percent of their global turnover at stake, businesses simply cannot afford to take the ‘wait and see’ approach.”
According to Myles Bray, VP Sales, EMEA at ForeScout, “British businesses must act now to reduce their security risks by having visibility of devices when they connect to the network. With the increasing number of traditional and Internet of Things devices connecting to the network, the need for visibility is stronger than ever as bad actors are using these devices as the path of least resistance.”
The research also revealed that stolen credentials is a growing concern for businesses. While malware is the number one worry, with 42 percent of businesses seeing this as the top threat, more than a third (34 percent) of those asked believe stolen credentials has become the biggest threat to business security.
Finally, the research revealed that there is a growing demand from businesses for security vendors to work together. Indeed, just over half (52 percent) of businesses use more than five security suppliers, with 82 percent wanting security vendors to offer more complementary – as opposed to competing – products and collaborate more effectively to fight hackers.
“Too many businesses are struggling to fight today’s ever-determined hackers, which means security vendors need to make sure they are fighting smarter, together,” said Trevor Dearing, marketing director EMEA at Gigamon. “The problem for many businesses is that they don’t know where to start, subsequently picking ad-hoc solutions that fail to integrate. But that integration is critical to detecting, isolating and eliminating threats before any damage has been done. It’s our responsibility, as leaders in our field, to join forces so that they can maximise their data and investments as much as possible. After all, the cybercriminals are increasingly pooling resources and working collaboratively – so why shouldn’t we?”