Cyber Security Threats and GDPR

Updated: Apr 13, 2020

Businesses are placing more importance on cyber security, making it one of their main priorities looking forward. Around 1.15 trillion pounds is said to be generated each year by intellectual property theft and ransomware combined, making these two among the more profitable criminal activities.

Companies operate on a network. Small or big, they will inevitably be susceptible to vulnerabilities that a potential hacker can take advantage of, says Cloud Management Suite (CMS). With cloud computing, big data and smart devices being added to the picture, businesses are becoming more vulnerable.

With today’s shift to cloud-based services, IT teams now have to widen their “area of responsibility”, keeping track of both on-premises and cloud-based components to ensure security.

With the introduction of big data and analytics, companies can now implement wide-scale tracking and profiling of their customers’ and users’ activities across different social media platforms and collect their users’ personal and financial information, which makes them a perfect target for cybercriminals. Stolen data can be sold on the cyber black market, and with the amount of information and the number of users major companies hold, a single breach could give these criminals a big fat bank account.

For huge companies like Facebook, failure to comply could cost millions or even billions should a data breach occur. With IBM and Ponemon estimating that each stolen record from an individual will cost them about 113 pounds, when you’ve got a lot of users it quickly adds up! Furthermore, a breach could also damage a company’s reputation, which is harder to fix.

Take companies like Yahoo! and Equifax, for example, which are yet to recover from their massive data breach fiascos.

To add salt to the wound, the preparedness of companies for the sudden implementation of the GDPR is also in question. A survey done by Incapsula, an internet security provider, has shown that only 41 percent of security professionals claimed to be working on meeting the guidelines beforehand, while the remainder were ill-prepared.

Companies must thoroughly understand the regulations. This means they should fully comprehend the key provisions of the GDPR, which include implementing increased data protection measures, notifying the authorities and their users should a data breach occur, and performing an impact assessment whenever a new technology that processes data is introduced to their business activities. Businesses should also inform their users and customers and seek consent whenever they gather information from them.

They should also protect their infrastructure because cybercriminals are always on the watch for possible vulnerable spots that they can exploit. IT teams should work hard to ensure security in all network devices and endpoints.

Companies should also invest in technologies and processes that will secure their customers’ information. This may include adopting hardware or services that secure storage and can perform actions like encrypting databases and scrubbing personally identifiable information from data via pseudonymization.

Security will always be a constant work in progress because it is ever-changing and business. Companies, in order to remain competitive, need to adapt to these changes in the cybersecurity landscape as soon as possible. The GDPR requires companies to provide a steward who will ensure that all business activities comply with its regulations. Companies must also address the human element by having proper training and governance.

With or without the GDPR, it is a necessity for companies to ensure that their cybersecurity strength is at an all-time high, so companies should invest in that while complying with the EU’s GDPR at the same time, since the threat of cyber attacks is ever-present. Unfortunately for these businesses, though, this also gave rise to a new means for cybercriminals to attack.

Either way, companies should have a comprehensive strategy which will help them cover both cybersecurity and their compliance with GDPR. With strict compliance and strong security measures, they should be able to resolve these problems and allow their companies to thrive, survive, and succeed.