Business Daily Media

GDPR opens doors for cyber criminals

  • Written by Murray Goldschmidt, COO at Sense of Security


Last month, the world saw the unveiling of the European General Data Protection Regulation (GDPR). Its aim is to protect and empower all European Union (EU) residents, whether in Europe or overseas, when it comes to their data privacy. It also serves to reshape the way organisations operating in the European market approach data privacy.


In a nutshell, the GDPR wants EU residents to have complete control over their personal data by simplifying the regulatory environment. However, companies around the world are choosing to implement the regulation across all customers to ensure their data is also protected, and to streamline the compliance process. This is why many of our inboxes are now flooded with updated privacy statements from global brands.


However, as residents and businesses welcome the introduction of GDPR, so do cyber criminals.


GDPR may lead to an increase in sophisticated ransomware attacks

Businesses are undertaking specific measures to improve their cyber security capability in order to protect the data they have, and to comply with GDPR. However while this may thwart lower level attacks, it is very likely to attract higher concentrations of strategic and sophisticated attacks likely to devastate an organisation.


For example, in some instances it will be less costly for a business to give in to a ransom demand than to inform customers when a breach occurs. If it costs a dollar to notify each user, and a company has 500,000 users, there’s already a cost of half a million dollars before any fines or further expenses are calculated. Hackers use this to their advantage by demanding a smaller amount as ransom, incentivising companies by providing the “lesser of two evils” option.


Not only does paying a ransom potentially cost less than reporting, but hackers convince companies that they’ll waive the reputational damage that comes with a public breach, by attempting to sweep it under the rug.


Further to that, GDPR outlines that organisations have a 72 hour reporting period once they have been made aware of a breach, to notify the right authorities. Hackers can take advantage of this small window by applying pressure on an organisation to act on a ransom demand. We’ve seen examples of ransom payouts in the cases of Uber, Yahoo and Equifax - showing that a breach is likely to surface no matter what steps companies take to hide it.


GDPR could make it harder to protect residents

The GDPR also adds increased complexity to incident response. Services which provide vital information to security researchers and law enforcement agencies to identify the origins of phishing scams or malware distribution sites are finding it difficult to comply to the regulation.


The Internet Corporation for Assigned Names and Numbers (ICANN) is currently struggling to get their WHOIS system, used to query domain name registrant databases, to comply with the GDPR. This is unlikely to occur until at least December 2018, meaning agencies and researches will have a difficult time investigating potential cyber attacks, and leaving themselves open to hackers in the meantime.


The increase in strategic, sophisticated attacks and their impact further drives the need for organisations to remain vigilant. Knowing the type of data held, how it is protected and even if it is required, needs to be assessed and appropriate action undertaken to reduce risk. This, in line with appropriate governance, technical controls, detection and response capabilities need to be focal points for all organisations, large and small.


By Murray Goldschmidt, COO at cyber security firm Sense of Security

Business Daily Media Business Development

How Microsoft's Activision Blizzard takeover will drive metaverse gaming into the mass market

Ready Player 1,000,000,0001?Sergey NivensMicrosoft was positioning itself as one of the pioneers of the metaverse even before its US$75 billion deal to buy online gaming giant Activision Bli...

Theo Tzanidis, Senior Lecturer in Digital Marketing, University of the West of Scotland - avatar Theo Tzanidis, Senior Lecturer in Digital Marketing, University of the West of Scotland

Some of the super-rich want to pay more tax – but society cannot afford to depend on them

Shutterstock/PilgujDemands for the super wealthy to pay more taxes are not new. But they don’t usually come from billionaires or millionaires.Yet on January 19 2022, around 100 of the ...

Peter Bloom, Professor of Management, University of Essex - avatar Peter Bloom, Professor of Management, University of Essex

A killer app for the metaverse? Fill it with AI avatars of ourselves – so we don't need to go there

Ready avatar one?Athitat ShinagowinBig numbers coming. Microsoft’s US$75 billion (£55 billion) acquisition of Activision Blizzard has landed – true to Call of Duty vernacul...

Alex Connock, Fellow at Said Business School, University of Oxford, University of Oxford - avatar Alex Connock, Fellow at Said Business School, University of Oxford, University of Oxford

Labelling Equipment; Prayers Have Been Heard and, Answered

If you are an instrumental part of a management team for a business that now requires labels for their products or goods, then traditionally you’d have had one of three choices, if the...

Business Daily Media - avatar Business Daily Media

Leading Australian Microsoft partner Satalyst acquired by Canon

Satalyst, one of the leading Microsoft cloud and security partners in Australia, has today announced that effective immediately it has been acquired by Canon Australia. Satalyst will joi...

Business Daily Media - avatar Business Daily Media

How Timeline Maker Helps Business Owners On Their Targets

With many businesses today, the challenge is to make the audience know what you are all about. You can never go wrong with a website or an online presence for it is one of the most effecti...

Business Daily Media - avatar Business Daily Media



NewsServices.com

Content & Technology Connecting Global Audiences

More Information - Less Opinion