EU report calls for better security awareness

With more business being conducted online, IT security has largely become synonymous with security in general. A recent report by the European Network and Information Security Agency (ENISA) highlighted how far companies have to go before they can truly feel secure. The report explained that, when large breaches are discovered, concerns flood the media, hinting at a rising awareness of the importance of cybersecurity. Many digital incidents, however, never become known at all.

Failures of reporting

ENISA expressed frustration with the difficulty of accounting for digital incidents and breaches, a result of the lack of a unified reporting method across the industry. The agency explained that security failures that go unnoticed or undeclared have obscured the true amount and nature of the risk to global computing. A new wave of laws and official procedures could help turn the tide and educate CIOs.

Incident response schemes are vitally important when coping with security failures. The ENISA report contained strong support for frameworks in individual countries that make it easy for organizations to mount a response. It also explained that mandatory incident reporting is a strong way to encourage accountability, with added data sharing to help firms devise the best possible response to any given breach.

International watchdogs

As legislators become more aware of the importance of digital data, more regulations are bound to appear. Rather than waiting, however, companies can pursue strong security strategies now and stay safely ahead of the curve.

According to Computerworld, the New Zealand Privacy Commissioner recently became involved in a data loss incident concerning 6,748 customers' private data at the Accident Compensation Corporation. Commissioner Marie Shroff's review of the incident found that the company in question engaged in a number of unacceptable data management practices leading up to the incident. The case is an example of an official body taking interest in information security at a corporate level.