When you check your smartphone and open a news app, chances are you will see an article about Brexit, North Korea or Donald Trump. However, more and more frequently these days you will find a report on a well-known business becoming the latest victim of some kind of cyber-attack, and these breaches are becoming more innovative and more persistent.
In 2015 the first ever known successful cyber-attack on a power grid took place. Hackers compromised the systems of three distribution companies, temporarily disrupting electricity supply to 230,000 customers for up to six hours. Yahoo suffered network breaches in 2012, 2013 and again in 2014. In 2015 TalkTalk were hacked, compromising the financial data of 15,000 customers, and more recently, in 2016, Tesco Bank suffered an unprecedented hack, with cyber criminals stealing £2.5m.
Unquestionably, cyber-attacks are on the rise, with Debenhams the most recent UK business to report a hack. The British Chamber of Commerce reports that in 2016 one in five British firms was hit by a cyber-attack. Larger firms with over 100 employees are more likely to be targeted, with 42% having been the victim of some kind of attack. Alarmingly, only one in four firms have put some kind of security measure in place to protect their customers’ data.
On Friday 25th May 2018 the EU General Data Protection Regulation (GDPR) comes into effect across Europe, replacing the Data Protection Directive that was created in 1995. Ultimately, the new legislation is designed to harmonise data protection laws across Europe, to protect and empower citizens’ data privacy, and to reshape the way organisations approach the security of their customers’ data. Under the new GDPR legislation, non-compliant organisations could, in the most serious cases, face heavy fines.
Since 1995 much has changed – the Cloud, Netflix, Social Networking, Big Data, IoT, Machine Learning, AI, Robotics, Internet banking, Internet shopping – all due to greater utilisation of the internet and advances in technology. The original Data Protection Directive was written to encourage organisations to think about Data Privacy at a time when firms were just starting to store some data online, but in the time of this 4th industrial revolution, it is appropriate for the legislation to be refreshed to reflect the modern world.
Here are the key facts about GDPR for businesses to consider:
- Personal data must be processed lawfully, fairly and transparently
- Personal data can only be collected for specified, explicit and legitimate purposes
- Personal data must be adequate, relevant and limited to what is necessary for processing
- Personal data must be accurate and kept up to date
- Personal data must be kept only for as long as is necessary for processing
- Personal data must be processed in a manner that ensures its security
Organisations that are deemed ‘non-compliant’ with the new legislation can be fined up to 4% of annual global turnover or a flat €20 million, whichever is greater. These fines are at the highest tier for the most serious infringements, but they will absolutely be enforced for those who fail to prepare.
Gartner forecasts the worldwide Cyber Security market to be worth $101 billion by the end of 2018, and IDC reports that hot areas for growth will be Security Analytics/SIEM, Threat Intelligence, Mobile Security and Cloud Security.
Ultimately, as we as users continue to accelerate the amount of data we create and consume, and utilise more connected devices in our homes and workplaces, the opportunity for cyber criminals will only increase. However, with only one in four large firms currently having some kind of Cyber Security solution in place, there is a huge opportunity for partners to have conversations with their customers about GDPR.
Perfect security is improbable, but failing to try is unacceptable. Despite having modern security measures in place, Tesco Bank were still breached. TalkTalk, however, were fined £400,000 by the British Government for ‘failing to provide adequate security measures to protect their customers’ data’; under GDPR, this would have resulted in a £70 million fine.
For partners new to Cyber Security, knowing where to start can be a minefield and knowing which vendors to consider can be problematic, and this is where Ingram Micro can help. GDPR is not Y2K: this is coming, and we all need to be ready.
Read up on GDPR for yourself to see what the implications are for your customers; this will help you to identify the opportunity for your business.