Business Daily Media

Men's Weekly

.

GDPR opens doors for cyber criminals

  • Written by Murray Goldschmidt, COO at Sense of Security


Last month, the world saw the unveiling of the European General Data Protection Regulation (GDPR). Its aim is to protect and empower all European Union (EU) residents, whether in Europe or overseas, when it comes to their data privacy. It also serves to reshape the way organisations operating in the European market approach data privacy.


In a nutshell, the GDPR wants EU residents to have complete control over their personal data by simplifying the regulatory environment. However, companies around the world are choosing to implement the regulation across all customers to ensure their data is also protected, and to streamline the compliance process. This is why many of our inboxes are now flooded with updated privacy statements from global brands.


However, as residents and businesses welcome the introduction of GDPR, so do cyber criminals.


GDPR may lead to an increase in sophisticated ransomware attacks

Businesses are undertaking specific measures to improve their cyber security capability in order to protect the data they have, and to comply with GDPR. However while this may thwart lower level attacks, it is very likely to attract higher concentrations of strategic and sophisticated attacks likely to devastate an organisation.


For example, in some instances it will be less costly for a business to give in to a ransom demand than to inform customers when a breach occurs. If it costs a dollar to notify each user, and a company has 500,000 users, there’s already a cost of half a million dollars before any fines or further expenses are calculated. Hackers use this to their advantage by demanding a smaller amount as ransom, incentivising companies by providing the “lesser of two evils” option.


Not only does paying a ransom potentially cost less than reporting, but hackers convince companies that they’ll waive the reputational damage that comes with a public breach, by attempting to sweep it under the rug.


Further to that, GDPR outlines that organisations have a 72 hour reporting period once they have been made aware of a breach, to notify the right authorities. Hackers can take advantage of this small window by applying pressure on an organisation to act on a ransom demand. We’ve seen examples of ransom payouts in the cases of Uber, Yahoo and Equifax - showing that a breach is likely to surface no matter what steps companies take to hide it.


GDPR could make it harder to protect residents

The GDPR also adds increased complexity to incident response. Services which provide vital information to security researchers and law enforcement agencies to identify the origins of phishing scams or malware distribution sites are finding it difficult to comply to the regulation.


The Internet Corporation for Assigned Names and Numbers (ICANN) is currently struggling to get their WHOIS system, used to query domain name registrant databases, to comply with the GDPR. This is unlikely to occur until at least December 2018, meaning agencies and researches will have a difficult time investigating potential cyber attacks, and leaving themselves open to hackers in the meantime.


The increase in strategic, sophisticated attacks and their impact further drives the need for organisations to remain vigilant. Knowing the type of data held, how it is protected and even if it is required, needs to be assessed and appropriate action undertaken to reduce risk. This, in line with appropriate governance, technical controls, detection and response capabilities need to be focal points for all organisations, large and small.


By Murray Goldschmidt, COO at cyber security firm Sense of Security

Portable Monitors for Coding and Programming Students

Today, coding and programming require more focus and efficiency. But, the most essential thing it demands is ample screen space. Students can stru...

Beyond the Banks: Why Agility and Tech Integration Are Defining the Future of Lending in Australia

In Australia’s evolving credit landscape, non-bank lenders are no longer merely filling gaps left by traditional institutions; they are actively r...

Carma appoints Owen Wilson as Chair of the Board

Carma’s next phase of growth to be guided by REA Group’s outgoing CEO who oversaw realestate.com.au rise to be Australia's #1 place for property ...

Digital Upgrade to Boost Efficiency Across Tasmanian Ports

TasPorts is undertaking a multimillion-dollar digital transformation that will improve efficiency, and enable smarter, more sustainable operations a...

Simplifying ecommerce integrations: How to streamline your setup without the stress

In today’s fast-moving retail world, having an ecommerce presence isn’t optional. Platforms like Shopify, WooCommerce, and Squarespace have lowered...

Shop Small Returns to Back the Small Businesses Supporting Local Communities

The annual Shop Small movement by American Express is returning for its 13th year in Australia to galvanise support for the country’s vibrant smal...

Sell by LayBy