..



.

SME Business News

GDPR opens doors for cyber criminals

  • Written by Murray Goldschmidt, COO at Sense of Security


Last month, the world saw the unveiling of the European General Data Protection Regulation (GDPR). Its aim is to protect and empower all European Union (EU) residents, whether in Europe or overseas, when it comes to their data privacy. It also serves to reshape the way organisations operating in the European market approach data privacy.


In a nutshell, the GDPR wants EU residents to have complete control over their personal data by simplifying the regulatory environment. However, companies around the world are choosing to implement the regulation across all customers to ensure their data is also protected, and to streamline the compliance process. This is why many of our inboxes are now flooded with updated privacy statements from global brands.


However, as residents and businesses welcome the introduction of GDPR, so do cyber criminals.


GDPR may lead to an increase in sophisticated ransomware attacks

Businesses are undertaking specific measures to improve their cyber security capability in order to protect the data they have, and to comply with GDPR. However while this may thwart lower level attacks, it is very likely to attract higher concentrations of strategic and sophisticated attacks likely to devastate an organisation.


For example, in some instances it will be less costly for a business to give in to a ransom demand than to inform customers when a breach occurs. If it costs a dollar to notify each user, and a company has 500,000 users, there’s already a cost of half a million dollars before any fines or further expenses are calculated. Hackers use this to their advantage by demanding a smaller amount as ransom, incentivising companies by providing the “lesser of two evils” option.


Not only does paying a ransom potentially cost less than reporting, but hackers convince companies that they’ll waive the reputational damage that comes with a public breach, by attempting to sweep it under the rug.


Further to that, GDPR outlines that organisations have a 72 hour reporting period once they have been made aware of a breach, to notify the right authorities. Hackers can take advantage of this small window by applying pressure on an organisation to act on a ransom demand. We’ve seen examples of ransom payouts in the cases of Uber, Yahoo and Equifax - showing that a breach is likely to surface no matter what steps companies take to hide it.


GDPR could make it harder to protect residents

The GDPR also adds increased complexity to incident response. Services which provide vital information to security researchers and law enforcement agencies to identify the origins of phishing scams or malware distribution sites are finding it difficult to comply to the regulation.


The Internet Corporation for Assigned Names and Numbers (ICANN) is currently struggling to get their WHOIS system, used to query domain name registrant databases, to comply with the GDPR. This is unlikely to occur until at least December 2018, meaning agencies and researches will have a difficult time investigating potential cyber attacks, and leaving themselves open to hackers in the meantime.


The increase in strategic, sophisticated attacks and their impact further drives the need for organisations to remain vigilant. Knowing the type of data held, how it is protected and even if it is required, needs to be assessed and appropriate action undertaken to reduce risk. This, in line with appropriate governance, technical controls, detection and response capabilities need to be focal points for all organisations, large and small.


By Murray Goldschmidt, COO at cyber security firm Sense of Security

Business Daily Media SME Business News

Bush medicine partnership to sow seeds of collaborationHow To Know If Your Business Is Digitally AdeptTips For Designing Your Own Home5 Wise Ways To Invest Your MoneyThe Top Five Apps For Improving Your ProductivityGuide To Registering Your Brand New RVFounder and CEO of the Brisbane-based lender Jacaranda Finance, Daniel WesselsGot land that needs to be constructed? Consider these guys as your contractorsDetecting and Mitigating Project Finance Risks

Business Daily Media Business Development

Di Jones real estate recognises high achieversEclipse Travel Expands Operations to New ZealandHow medical professionals can benefit from an overall wealth management solutionWhy Pinterest Should Be Part of Your Marketing StrategyThe top reasons why gyms failWHITE LABEL NOBA’s Winter 2016 season: Earth + CountryFormer Etihad boss brings substantial event insight to PMY Group BoardMore training for coffee making than property sales: REINSWRoxanne Kiely revolutionising learning for children