Business Daily Media
The Property Pack

.

GDPR opens doors for cyber criminals

  • Written by Murray Goldschmidt, COO at Sense of Security


Last month, the world saw the unveiling of the European General Data Protection Regulation (GDPR). Its aim is to protect and empower all European Union (EU) residents, whether in Europe or overseas, when it comes to their data privacy. It also serves to reshape the way organisations operating in the European market approach data privacy.


In a nutshell, the GDPR wants EU residents to have complete control over their personal data by simplifying the regulatory environment. However, companies around the world are choosing to implement the regulation across all customers to ensure their data is also protected, and to streamline the compliance process. This is why many of our inboxes are now flooded with updated privacy statements from global brands.


However, as residents and businesses welcome the introduction of GDPR, so do cyber criminals.


GDPR may lead to an increase in sophisticated ransomware attacks

Businesses are undertaking specific measures to improve their cyber security capability in order to protect the data they have, and to comply with GDPR. However while this may thwart lower level attacks, it is very likely to attract higher concentrations of strategic and sophisticated attacks likely to devastate an organisation.


For example, in some instances it will be less costly for a business to give in to a ransom demand than to inform customers when a breach occurs. If it costs a dollar to notify each user, and a company has 500,000 users, there’s already a cost of half a million dollars before any fines or further expenses are calculated. Hackers use this to their advantage by demanding a smaller amount as ransom, incentivising companies by providing the “lesser of two evils” option.


Not only does paying a ransom potentially cost less than reporting, but hackers convince companies that they’ll waive the reputational damage that comes with a public breach, by attempting to sweep it under the rug.


Further to that, GDPR outlines that organisations have a 72 hour reporting period once they have been made aware of a breach, to notify the right authorities. Hackers can take advantage of this small window by applying pressure on an organisation to act on a ransom demand. We’ve seen examples of ransom payouts in the cases of Uber, Yahoo and Equifax - showing that a breach is likely to surface no matter what steps companies take to hide it.


GDPR could make it harder to protect residents

The GDPR also adds increased complexity to incident response. Services which provide vital information to security researchers and law enforcement agencies to identify the origins of phishing scams or malware distribution sites are finding it difficult to comply to the regulation.


The Internet Corporation for Assigned Names and Numbers (ICANN) is currently struggling to get their WHOIS system, used to query domain name registrant databases, to comply with the GDPR. This is unlikely to occur until at least December 2018, meaning agencies and researches will have a difficult time investigating potential cyber attacks, and leaving themselves open to hackers in the meantime.


The increase in strategic, sophisticated attacks and their impact further drives the need for organisations to remain vigilant. Knowing the type of data held, how it is protected and even if it is required, needs to be assessed and appropriate action undertaken to reduce risk. This, in line with appropriate governance, technical controls, detection and response capabilities need to be focal points for all organisations, large and small.


By Murray Goldschmidt, COO at cyber security firm Sense of Security

Popular

The Access Group launches $100k in Small Business Software Grants

Initiative aims to have a long-term positive impact on Australian small businesses, as business failure rates reach a 15-year high  The Access Group (“Access”) has announced $100,000 in Small Business Software Grants to ten s...

Cremorne Digital Hub to nurture Australia's next tech unicorns

Addressing the ecosystem’s growing pains which threaten to drive Australia's next generation of tech unicorns offshore, Cremorne Digital Hub's Scaleup Program powered by Boab aims to fuel the next level of digital investment a...

Breaking Bread: How Transformational Credit Helped the Dough to Rise

In the world of business, success often hinges on the ability to adapt and overcome challenges. Nomad Breads is a manufacturer of artisanal style bread with a significant presence making Turkish bread. Facing a slew of issues ...

Virtual Office