General Data Protection Regulation: Inadequate preparation
Almost 80% of IT decision-makers have only a poor understanding of the implications of the new General Data Protection Regulation (GDPR) or have even not heard of it at all. This is the result of a study by the market research institute IDC.
700 SMEs were surveyed for the study. The goal was to learn more about the respondents' planned approach to the EU's new General Data Protection Regulation (GDPR) and endpoint security. The results clearly show that companies are still uncertain about the new regulation, according to ESET's press release. Nevertheless, one in three companies surveyed supported the regulations on data encryption set out in the GDPR. The IT security company presents these and other results of the IDC study in its related whitepaper before.
Data as a business asset
63% of data breaches can be attributed to stolen or cracked passwords. This clearly shows the urgent need for an additional or alternative authentication factor, ESET said. In doing so, companies could anonymize or encrypt their data. However, anonymization can be circumvented by correlating multiple sources, he said. Encryption solves that problem, he said. "Protecting customers and partners is, of course, particularly important to the continued existence and success of any organization. However, encryption has historically been viewed by most SMBs as too complex and expensive," said IDC's Mark Child. "Increasingly, however, companies are recognizing the business value of their data and are aware of the ever-increasing regulatory frameworks they must comply with and the associated penalties for non-compliance."
Nevertheless, many companies are not yet sufficiently prepared for the change in the legal situation. Of those respondents who were aware of the GDPR, 20% said they were already compliant with the new requirements. 59% are working on it and 21% said they were not prepared at all, ESET writes.
Poor malware protection
Antimalware software is an important approach to data encryption in companies. Many companies have already recognized that their existing software no longer meets the requirements and threats. Half of the respondents said they wanted to add or upgrade in this area. Encryption, which is part of the DSGVO regulation, is on the wish list of 36%.
Study Notes: The study "New Offerings Make MFA and Encryption Accessible to SMEs as Data Protection Challenges European Organizations" was conducted by IDC on behalf of ESET. For this purpose, 700 IT decision-makers from SMEs with 50-500 endpoints were surveyed. The respondents came from 7 European countries (Germany, the United Kingdom, Italy, Spain, the Netherlands, the Czech Republic and Slovakia).
