Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 31 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

UK companies are still struggling to comply with latest data protection regulations

by The Gurus
September 14, 2017
in Editor's News
Share on FacebookShare on Twitter

Nine in ten IT professionals in the UK are concerned with the security of the public cloud, and almost 20% do not deploy security for sensitive data stored outside the company’s infrastructure, according to a recent Bitdefender survey. Half of those surveyed admit cloud migration has significantly expanded the size of the border they have to defend, while only one in five encrypts already migrated data.

These are some of the findings of a survey released today by security firm Bitdefender. The study explores the pressures cloud migration place on 1,051 IT security professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany. As EU’s General Data Protection Regulation (GDPR) goes into effect on May 2018 — roughly eight months away — many organizations still find themselves struggling to comply. The new requirements include that data be protected adequately, and when breaches do occur organizations had better have notification capabilities in place that align with GDPR standards.

The increasing adoption of hybrid cloud — a mix of public cloud services and privately owned data centers, already in place for 70 percent of companies on a global level – is giving rise to new security challenges and prompting CISOs to adopt different technologies to fight zero-day exploits, Advanced Persistent Threats, and other devastating types of cybercrime.

Hybrid cloud brings hybrid issues

Some 85 percent of the CISOs say encryption is the most effective security mechanism to secure public-cloud-stored data, followed by security software (mentioned by 75 percent of respondents) and backups (trusted by almost half of those surveyed).

According to the survey, most US companies – a third – secure 31 to 60 percent of data stored in the public cloud, while only 21% encrypt all data stored there. Another area of concern is that 20 percent of CISOs do not deploy security in the public cloud, while a fifth do not encrypt data in transit from their own data center to an external one.

Bitdefender security specialists recommend that any data transfer between the client and the cloud service provider be encrypted to avoid man-in-the-middle attacks that could intercept and decipher all broadcasted data. Beyond that, any data stored locally or in the cloud should be encrypted to make sure cybercriminals cannot read it, in case of data breaches or unauthorized access.

To become GDPR compliant, companies need to identify data that falls under the regulations’ control – “any information relating to an identified or identifiable natural personal” –, document how this data is secured, and create incident response plans.

The survey also shows that 71 percent of IT decision makers use a security solution developed for endpoints to protect physical and virtual infrastructures, but 24 percent have implemented separate tools. Out of those, 79 percent do it to protect sensitive customer and consumer data, 70 percent cite compliance with internal and regulatory requirements, and 56 percent want to prevent service interruptions resulting from attacks.

Tailor-made security against crafted cyber weapons

Bitdefender security specialists strongly advise CISOs to use a security solution specifically designed for the infrastructure in will run on (physical or virtual) instead of a single tool for three main reasons:

– It generates overhead: installing an endpoint solution on different virtual machines hosted on the same servers impacts resources by continuously running redundant apps, like security agents

– It significantly reduces performance: security tools tailored for virtual environments use optimized agents that integrate with a security virtual appliance on server/servers, so previously scanned files are not rescanned each time a user needs them

– The typology of attacks is different: boot time security-coverage gaps leave the system vulnerable to malware attacks. As a result, virtual environments often face more sophisticated cyber weapons, such as advanced persistent threats, and targeted attacks, aiming at both companies and government entities (such as APT-28 and, just recently, Netrepser). In this respect, security for virtualized environments is by far the most effective way to detect and fight these complex tools.

What’s stored in the public cloud must not go public

Companies in the UK mostly store in the public cloud product information (47 percent), information about clients (40 percent), and information about employees (39 percent), and avoid storing off-premise what they perceive to be more sensitive data, such as research into new products and competition – 24 percent and 22 percent, respectively; intellectual property – 22 percent. Thus, companies encrypt more often information about clients (36%), financial info (31%), product info and specs (35%) than backups (28%), research into competitors (14%) and intellectual property (15%).

“The risk of being GDPR non-compliant means not only negative publicity and damage to the companies’ reputation as it has been until now, but also penalties that can total up to 4% of a company’s global annual revenue,” Bitdefender’s Senior eThreat Analyst Bogdan Botezatu says. “With 2017 having already set new records in terms of magnitude of cyberattacks, boards should be aware that it’s only a matter of time until their organization will be breached since most still lack efficient security shields.”

Bitdefender security specialists recommend that, when opting for a hybrid cloud solution, an organization must analyze the type of data it handles and evaluate it based on its sensitivity – both for the company and its clients. Critical, personal and private data related to intellectual property must be stored on premise, with access only to authorized personnel. Organizations that handle sensitive or confidential data, or data related to intellectual property, need to ensure their private cloud infrastructure remains private. No one outside the local network should be able to access that data and only authorized personnel should be vetted for handling it. The private cloud needs to be completely isolated from public internet access to prevent attackers from remotely accessing the data through security vulnerabilities.

In terms of security challenges, 40 percent of CISOs say that public cloud is their major concern, while private cloud comes third (17 percent). Another 27 percent say they are equally concerned about both, and 15 percent admit hybrid cloud is their major area of concern.

Lack of infrastructure-agnostic security, lack of predictability, and lack of visibility are perceived as top security challenges of cloud adoption by half of the companies surveyed.

Methodology

The survey, conducted in May 2017 by Censuswide for Bitdefender, included 1,051 IT security purchase professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany.

FacebookTweetLinkedIn
Tags: CybersecurityTechnology
ShareTweetShare
Previous Post

Imperva Incapsula Protects NTT TechnoCross Corporation and its Customers from Website Attacks

Next Post

Equifax data breach caused due to patch update being missed

Recent News

Data Privacy Day: Securing your data with a password manager

For Cybersecurity, the Tricks Come More Than Once a Year

March 31, 2023
cybersecurity training

Only 10% of workers remember all their cyber security training

March 30, 2023
Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information