Since the advent of the internet, the law has struggled to keep pace with subsequent advances. Technology has progressed rapidly, with increasing numbers of everyday objects now connected in the internet of things (IoT), and threats have grown exponentially in tandem. Regulators and lawmakers, however, have been slow to recognize the data protection implications.
But now that the European Union’s much-anticipated General Data Protection Regulation (GDPR) is on the horizon, it’s time for companies to act.
The law will establish fines of up to 5% of global turnover, or up to €100m, and will introduce mandatory data breach disclosure, meaning that businesses will be asked to report data breaches within a 72-hour window.
Security breaches can happen to any size of business, and it’s not enough to react to them when they occur; planning for the worst, putting budget aside, and proactively strengthening security while actively seeking out weak spots is now essential.
If the unthinkable happens, and a security breach does occur, then the answer is to focus efforts on detecting it as quickly as possible and then acting to minimize harm.
This was a key failure in the high-profile Sony breach last year. While Sony had deterrents in place, once access had been gained it failed to stop its defenses being further breached, apparently for months on end. The determined and patient attackers exfiltrated gigabytes of documents, embarrassing emails, and even entire movies in what would prove a public relations nightmare for the company.
In 2014, Experian found a staggering 43% of US businesses surveyed had suffered a data breach – mostly rooted in employee negligence.
IT and security professionals should review the impending GDPR legislation, and close the tech deficit gap in time to meet its requirements, in turn discovering and exploring the areas of their network that are putting them at risk so they can remediate.
With the influx of employees using their own devices, and increased numbers of users accessing corporate networks and creating new security headaches, IT and security professionals must also manage what goes in and out of their network.
“Security is doing more with less, consolidating, and reducing the number of suppliers which is, in turn, reducing costs”
There’s a fine balance to be struck between employees working from home and potentially exposing the organization to more external risk. Where highly sensitive data is at stake, organizations must put robust policies in place.
This rings particularly true for organizations which must adhere to regulatory compliance, such as the NHS, local government and financial services, whereby substantial financial penalties can be levied against them.
Businesses must protect their critical assets with key defenses including endpoint encryption, device control, data loss prevention (DLP), network access control (NAC), host intrusion prevention (HIPS), next-gen firewall, and anti-malware.
Endpoint visibility provides incredibly advanced information on employee activity, identifying anything that’s out of the ordinary. It notices when patterns of activity change, and is even capable of accurately predicting when a member of staff is preparing to leave the business. This can be invaluable in detecting the behaviors that can lead to a potential breach.
The good news is that security is doing more with less, consolidating, and reducing the number of suppliers which is, in turn, reducing costs. This is a positive step, as the more infrastructure that’s in place and staff required to manage it, the more inherent risk there is of being compromised.
Frankly, if you can’t recover your critical data at any given time, then you may no longer have a business. Furthermore, if you can’t get your business back up and running quickly, then you also have a major problem on your hands.
The true cost of security isn’t how much investment is required to protect your network, but in how much reputational damage and financial legacy your organization will suffer if it becomes the victim of a breach.
With that in mind, choosing a strong partner to help mitigate business risk could be the smartest security investment of all.