By Andy Samsonoff, CEO of Invinsec
GDPR guidelines state that data breaches now need to be reported within 72 hours of a cyber attack taking place. However, if you have not put adequate measures in place to protect your data and minimise the impact, you could be at risk of not noticing a breach within the designated reporting time frame.
In reality cyber threats are growing, but this increase has been happening year on year due to the number of internet connected devices on the market. Protecting your business from threats you don’t know about is difficult, but companies and clients will expect you to put adequate measures in place and implement solutions to provide the highest protection feasible. This should include perimeter fencing such as firewalls and virus protection, but also 24 hour security monitoring to identify threats and attacks when they occur, allowing you to take action and ensure you stay within the reporting time frame.
Some argue that damage to reputation, loss of sales and remedial costs could mean a breach costs your business significantly more than the 4% annual turnover fine the ICO have put in place. Could you take the risk?
How could cyber threats grow under GDPR
With companies developing their cyber security in order to ensure their business is not in breach of the new regulations, it’s only safe to assume that cyber hackers will too up their game. With phishing attacks alone seeing an increase of 65% in 2016, this should incentivise corporations to comply with data protection legislations.
You cannot stop cyber threats from happening but if a data breach does occur, it may mean that the regulator looks in detail at how you have responded and what measures you had in place to cope with such an attack. If you can show that you did everything possible to mitigate the impact of the breach, you are likely to reduce the level of any penalty issued.
Trusting a specialist IT security company to monitor your system and provide real-time analysis of security alerts, is a viable solution when considering how to stay in-line with the GDPR regulations. If you can show clients you are protecting your data from unauthorised access, it will reassure both perspective and current clients and instil a high level of trust.
How can you protect against a cyber attack?
Cyber security is no longer simply the responsibility of the in-house IT department, as providing 24 hour full service security monitoringis an essential part of ensuring companies stay in line with GDPR regulations. Having the ability to monitor for threats 24/7, 365 days a year using a SIEM (Security Information and Event Management) solution combined with threat intelligence and data protection tools, should ideally be part of your standard GDPR toolkit.
Our expert cyber security team, built from ex CISOs and staffed with SIEM veterans from both sides of the fence, means that we’re able to offer businesses this ‘always on’ level of resource and protection from our 24x7x365 SOC. We know that customers don’t just want out-of-the-box solutions; they also want full support in the event of an incident or if they have any concerns about security and being GDPR compliant.
We understand your business and work in partnership with you to develop a protocol which means you can take a back seat when it comes to your IT Security, allowing us to provide an all-inclusive, high level service to your business. Contact us to find out more about the service we offer.
