Collaboration essential for GDPR compliance

As the European Union reaches an agreement on the General Data Protection Regulation (GDPR), which will require companies to comply with state-of-the-art cybersecurity requirements, security firm Palo Alto Networks has surveyed businesses to see how much they know about cyber-security and where the responsibility lies.

The survey suggests much work still needs to be done, particularly in areas of collaboration and responsibility sharing.

The key takeaway from the survey is that a significant amount of accountability is placed solely in the IT. Forty-eight per cent of managers, and 57 per cent of IT departments agree IT has sole domain over a company’s security.

The lack of consensus over where the duty lies could come from the lack of basic understanding what cyber-security is, at a leadership level, Palo Alto Networks suggests.

Thirteen per cent of C-Level executives could ‘kind of’ understand what defines an online security risk to a business and “still have to use Google to help explain it.” On the other hand, 10 per cent of employees don’t believe executives understand current cybersecurity issues.

Here’s what Palo Alto Networks suggests:

  • Create a strategy focusing on preventing cyber-attacks. Make sure you include every step of the attack, and take employee awareness and accountability into consideration
  • Use automated security technology
  • Educate your employees on their role in preventing cyber-attacks

“The new EU regulations will require businesses to step up their cybersecurity practices, and this can be an opportunity or a risk, depending on how these businesses choose to approach it,” said Greg Day, vice president and regional chief security officer, EMEA, Palo Alto Networks. “Ultimately, it is critical that managers recognise that, when it comes to cybersecurity, the onus is on everyone – it’s no longer a dark art but an everyday business practice that must pervade every level of the organisation.”