A converged approach to being GDPR-ready

As we count down the weeks and months until the General Data Protection Regulation (GDPR) comes into full effect, let’s look at the implications for ill-prepared businesses and what they can do to ensure compliance.

Digital networks and business data centres are under siege from all sides. With the increasing prevalence of DDoS and malware attacks, for example, technological advancement is a double-edged sword.

For businesses seeking to benefit from its many advantages, it can be the difference between life and death.

For the end-user customer, the digital revolution is spoiling us for choice with new innovations that ultimately make our lives easier.

But, for the organisations providing the products and services, it’s a world where risk management is key.

No sector is exempt or immune. Retail, manufacturing, banking, legal, logistics, hospitality, health, travel, professional services… no matter what the model, the top priority is security.

Despite the enforcement of GDPR being only a year away, less than half of all UK businesses admit that they are insufficiently prepared in terms of planning and resources. This puts them at grave risk of facing a hefty fine of 4 per cent of revenue under the regulation's terms.

The inaction can be attributed primarily to a lack of awareness of what GDPR is and what it means for one’s business.

In simple terms, the regulations are an attempt to synthesize different, often conflicting, data standards across the EU’s member states, and drive down leaks, breaches and hackings.

The UK government has confirmed that it will adopt the legislation while we are still in the Union and mirror it once we leave in order to remain streamlined and consistent.

Security provision is of course at the heart of any business’s GDPR readiness. However, a recent report by Veritas reveals that almost 40 per cent of businesses are worried about a major compliance failing, while over 30 per cent are anxious about any reputational damage they might face due to weak data policies.

Pretending that cyber threats might go away on their own or maintaining a complacent attitude of ‘it won’t happen to me’ can potentially have disastrous consequences, as well as block the potential for businesses to maximise the opportunities that digitisation offers.

Businesses must therefore be connected, protected and agile.

The digital revolution has also enabled criminals to get smarter. We are seeing more and more entry points being opened up through which data is being stolen. Competitors, organised crime groups, political activists and even national governments are all potential threats. And unless your infrastructure is adequately protected, you never know when they will strike or from which angle.

To add fuel to the fire, if you’re attacked once, it will most likely happen again. Exposing vulnerabilities means that criminals can exploit them for repeat offences. With the ever-increasing sophistication of how these criminals are operating, one can never be 100 per cent secure.

To counter this, digital business resilience is required. This refers to the ability to let your customers consume the services they want, with the peace of mind that neither the business nor the consumers are vulnerable, plus an integrated back-up plan to keep your ‘always on’ promise.

Most decent-sized digital businesses experience several attempted DDoS attacks every single day, but these are usually dealt with before they are able to do any major damage, depending on the level and quality of protection.

But the number and intensity of DDoS attacks are increasing. A recent report by Neustar states that there have been more than twice as many attacks of more than 50 Gbps in the past year compared to 2016.

DDoS attacks temporarily kick a business off its network while the attack is being denied. Although denying the attack is the most important part, the resulting downtime can also have serious implications. The ultimate goal is to deny the attack and remain connected, while also having the added safety net of a robust and cost-effective business continuity provision if things don’t go to plan.

An end-to-end solution, including the deployment of a next-generation firewall and data leak protection, is the ideal to strive for. This allows risk to be mitigated based on an understanding of the customer’s actual exposure; provides the tools to help manage that risk; and then educates staff in how to react when the risk is exposed. It’s about 24-hour monitoring of the network, teamed with incident response, analysis, and then the business continuity back-up.

When it comes to security, businesses crave confidence. Staying ahead of the curve means thinking the same way, and at the same pace, as those plotting against you. If there was ever a perfect time to build up one’s own digital defences, now would be it.

By Walt Rossi, Head of Security, Daisy Group.