CIO

Half of Kiwi firms unprepared for data breaches: Survey

Most have not conducted an IT risk assessment over the past year, according to HP

Nearly half of (45 per cent) of New Zealand businesses rate themselves as not secure on both managing security from different endpoints and protecting company data when employees are working remotely.

Only 50 per cent of businesses feel confident they would cope if their business experienced a significant cybersecurity breach.

These are among the key findings of the HP New Zealand IT Security Study, which HP says covered 434 New Zealand small to large businesses across the services, production, retail and hospitality, health and education, and distribution industries.

The research was conducted in September by Perceptive on behalf of HP New Zealand.

 "The consequences of a data breach are severe; from financial to brand and reputation damage,” says Grant Hopkins, managing director at HP New Zealand.

“Organisations need to be vigilant about implementing processes that regularly monitor, detect and report data breaches," says Hopkins, in a statement. 

"Running regular risk assessments and managing your endpoint security is critical in keeping businesses data safe.”

The survey points out that as more Kiwis work remotely, use personal devices in the workplace, and work in public spaces, traditional security measures and antivirus programmes are becoming less effective.

Sixty percent of businesses regularly allow remote working (and remote access to company data) but only 42 per cent of them have a security policy in place.

Furthermore, while visual hacking represented the area of greatest perceived weakness, only one in five businesses have integrated privacy screens on desktops/laptops to protect this type of breach.

The survey finds Only 41 per cent of respondents have conducted an IT risk assessment in the past year. Nearly a third, 29 per cent, of those who have experienced a cyberattack or a breach in the last 12 months have not done this assessment.

Meanwhile, many IT departments tend to focus their efforts around PCs, tablets and other connected devices, but they neglect one of the largest areas of vulnerability: the printer.

The study found that New Zealand businesses have printers that are relatively insecure with 30 per cent not offering any security features and only 35 per cent of businesses including printers in their IT security assessment.

Without embedded security measures like real-time threat detection, automated monitoring, and data encryption, printers are left open and vulnerable to attack.

Not only does this make the confidential and sensitive documents that are printed, scanned and copied by the printer easily accessible for hackers, but risks the entire network being hacked, while bypassing the firewall altogether, says HP.

“Endpoint security – at the device level – is critical. Organisations tend to rely solely on third party software security to protect their devices when, in reality, stronger and better business security must be integrated into the device itself,” says Hopkins.

“With hackers able to bypass traditional network perimeter security and antivirus programmes, it’s time we scrutinise a hardware’s security as closely, if not more, than our external security solutions.”

Today’s SMBs must implement processes and technologies designed to both proactively detect and prevent against a cyberattack.

 An antivirus product only protects from malware running in the Operating System (OS). There are many other threats and security risks to a PC, for example those that aim to modify Boot-time or Runtime firmware.

“Security threats are evolving every day. Due to reduced effectiveness of firewall protection, every device on an organisation’s network is at risk, and unfortunately printing and imaging devices are often overlooked and left exposed,” he says.

Get the latest on digital transformation: Sign up for  CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz