Technology Reseller v07
BULLETIN: TRENDS

ISF GDPR guide

The Information Security Forum (ISF) has released a GDPR Implementation Guide outlining best practice for introducing a compliance program. The new guide builds on the recently released ISF digest, Preparing for the General Data Protection Regulation, which summarises the main requirements of the new legislation and lists the concerns an organisation needs to address to be ready for GDPR.
www.securityforum.org

Negligent employees main cause of security breaches

More than half (54%) of IT professionals blame negligent employees and contractors for data breaches, ahead of third party mistakes (43%), errors in system or operation processes (34%), external hackers (33%) and malicious insiders (7%).

Keeper Security’s 2017 State of SMB Cybersecurity Report shows that despite their concerns about employees, only 43% of SMBs surveyed by Ponemon have a corporate password policy in place. Of those, two thirds (68%) say they don’t strictly enforce that policy (or are unsure whether they do or not).

Ponemon warns that SMBs face an increased risk of cyber-attack, with 61% having experienced a breach in the last 12 months compared to 55% in 2016. The quantity of stolen data in an average breach has nearly doubled to 9,350 records, from an average of 5,079 in 2016, and attacks are becoming more costly, with the average cost of disruption to business operations and damage/theft of IT assets or infrastructure both now exceeding $1,000,000.
www.keepersecurity.com

No confidence in IoT security

The majority of business organisations (96%) and consumers (90%) believe there is a need for government-mandated IoT security regulations.

In a Gemalto survey, two thirds of respondents said they feared hackers taking control of their IoT device; 60% worried about their data being leaked; and 54% were concerned that hackers could access their personal information.

The survey found that IoT device manufacturers and service providers in the UK spend just 9% of their total IoT budget on securing their devices and that only 52% of all data captured on devices in the UK is encrypted.

Jason Hart, CTO, Data Protection at Gemalto, said: “It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and, more importantly, the integrity of the data created, stored and transmitted by these devices.

“With legislation like GDPR showing that governments are beginning to recognise the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”

Amongst businesses surveyed, 61% said they favoured regulation to make it clear who is responsible for securing IoT devices and data at each stage of its journey, with 55% wanting it to highlight the implications of non-compliance.
www.gemalto.com

Generalists not up to the task

IT managed services provider CORETX warns that mid-sized businesses are compromising the effectiveness of their cyber security defences by relying on generalists for their day-to-day security management.

The warning follows a survey of 100 IT decision-makers, which revealed that although 72% have implemented a Security and Information Event Management (SIEM) solution and 83% have replaced their firewall with a more modern solution in the last three years, just 4% have staff dedicated to analysing IT security logs and only 6% have staff dedicated to acting on security reports.

Less than 20% have enough resource to scan all IT logs that might contain security information, and when a potential threat is identified, only 13% always report the risk to someone able to deal with it.

Merlin Gillespie, Group Strategy Director at CORETX, said: “Of the organisations we surveyed, 75% have recently fallen victim to a cyber-attack, with 40% occurring in the last year. It’s clear that many organisations’ security practices leave very large gaps in their protection. In our view, creating actionable intelligence on the threats organisations face can only be handled by a dedicated team. A business can either recruit and support that function in house or outsource it to a service provider that specialises in security.”
www.CORETX.com

Nine out of 10 businesses not ready for GDPR

Law firm Blake Morgan has launched a free guide to GDPR compliance, as its survey of UK organisations shows that just one in 10 (13%) has updated their privacy policies to comply with the new regulations.

More than one third (39%) of organisations have not yet taken steps to prepare for GDPR. A similar proportion (38%) doubt whether they will be compliant by May 25, 2018, when the new rules come into force.

Simon Stokes, a partner specialising in data protection law at Blake Morgan, said: “There appears to be a genuine confusion among many business leaders about what the new law means and how to achieve full compliance. With the clock counting down to the law coming into force, we would recommend a focused effort by businesses to get to grips with the changes and implement a strategic plan of action.”
www.blakemorgan.co.uk/GDPR