GDPR: Protecting your data from cyber-attacks before May 2018
Over half of all data breaches in 2016 (57%) and in the first half of 2017 (55%) were down to cyber-attacks, according to statistics.
These stark figures from Privacy Rights Clearinghouse show the level of risk surrounding business data security, particularly in the lead up to the GDPR deadline in May 2018.
The threat landscape for businesses has evolved rapidly as technology has advanced and the internet took over as our primary method of communication. This not only means hackers have a wider attack surface, but there is more data to attack in the first place; 30 years ago, we could have personal data stolen physically, but that data was limited. Medical records could detail our names, addresses and medical history, but little more than that.
With the proliferation of online services that require our personal details, we have more personal data available than ever before and significantly more places in which that personal data is stored.
In 2005, when Privacy Rights Clearinghouse began accurately recording data breaches, there were 136 breaches. In 2016 there were 806; almost six times as many. All of the largest data breaches since 2005 that breached over 30,000 records were the result of hacking and cyber-attacks apart from two – AOL and the US Military (Digital Guardian). Household names Yahoo, PSN, TK Maxx and Evernote have all been high-profile hacking victims.
With this huge threat landscape and looming fines of at least £17.5m for data breaches as the GDPR deadline approaches, it’s time to take your cyber security seriously. No business would overlook measures that could prevent a fire or a flood damaging your systems and data, so why would you ignore tools that will protect your business against cyber-attacks?
A robust cyber security solution doesn’t just include a traditional anti-virus; in fact, traditional anti-virus solutions are finding it harder than ever to deal with cyber-attacks thanks to the proliferation of zero-day attacks and sophisticated hacking techniques.
Data encryption is something we’d strongly recommend not only as part of a comprehensive IT security solution, but in light of GDPR. By encrypting files individually and keeping them encrypted wherever they’re transferred, hackers are unlikely to gain access to sensitive data even if it falls into their hands. Device encryption adds another layer of security; 10% of data breaches are down to portable devices getting lost or stolen (Privacy Rights Cleaninghouse).
Protecting against specific types of malware is also important. Ransomware is one of the fastest-growing methods of attack and has gained notoriety thanks to the WannaCry and Petya attacks earlier this year. It poses a particular danger in light of GDPR because it encrypts all of your files and hoodwinks traditional anti-virus solutions.
We’ll be covering how you can prevent data breaches and improve your data security in our upcoming GDPR and Technology event. This FREE event, held in Newcastle, Manchester and London, is focused on the technologies that you can put in place to help your business get ready for the GDPR deadline (May 2018).
You’ll hear from TSG’s Chief Technology Officer, Paul Burns, who will cover a number of topics that sit under TSG’s four defined areas of technology and GDPR:
Discover, protect, manage and report.