Organisations not confident about complying with EU regulation
Seven out of 10 IT decision makers say that data protection is a priority for their organisation, but only 26 percent say they are confident about complying with current EU legislation.
That's according to Node4, which conducted research that reveals high levels of confidence among IT audiences about their ability to protect data. Survey results were collected from 100 UK-based ITDMs in organisations of 50 or more employees.
Nearly all (86 percent) claim that their IT systems can deal with information leakage and 87 percent agree they are confident they could handle a system compromise. On the other hand, 41 percent of ITDMs admitted they don't know how many intrusions or security breaches their organisation has suffered in the last 12 months and 46 percent are concerned about the lack of security for their IT infrastructures.
The research also noted a lack of sophistication in how many organisations protect their data and IT systems, with low numbers putting in place even the most basic protection. Only 23 percent have intrusion detection systems; 25 percent have DDoS mitigation; 40 percent have intrusion prevention systems; and 51 percent have data encryption.
Node4 offered five tips for bolstering your data protection and IT security strategy:
1. Establish the right policies – Assume you will be a target and develop the appropriate policies for IT and the wider business
2. Audit continuously – Understand the needs and vulnerabilities of your IT infrastructure to anticipate and mitigate potential threats before they happen
3. Establish visibility with SIEMs – A SIEM strategy will give a bird's-eye view of all data from a single point, enabling complete visibility of a complex IT infrastructure
4. Cover the basics – Don't forget to implement the basics that remain the beating heart of any security architecture, such as firewalls and encryption
5. Adopt unified threat management (UTM) – Bring together the tools to effectively mitigate a wide range of threats and intrusion methods into a single system for easy detection and management
“The research reveals a clear disparity between understanding the need to prioritise data protection and an organisation's ability to comply with legislation and put in place the necessary measures to protect the business. The threat landscape is becoming increasingly sophisticated and complex, so it's more important than ever to put in place systems that will prevent or mitigate attacks and security incidents,” said Steve Nice, security technologist at Node4.