Last year saw some of the worst data breaches: the 14 million Verizon subscribers who contacted its customer services and had their records exposed; Deloitte, the “best cyber security consultant in the world”; Forever 21’s compromised PoS devices; and, lest we forget, the infamous Equifax. Is there really any hope for 2018?
This Sunday’s Data Protection Day is very timely indeed. It comes just four months before GDPR comes into effect. GDPR will help organisations realise the gravity of data breaches and respect their customers’ data. However, the clock is ticking.
According to network security company EfficientIP, it typically takes 99 days before a data breach is detected. This means organisations have until the 15th of February (exactly 100 days before May 25th 2018), a date EfficientIP is calling X-Day, short for data exfiltration day, to ensure they are GDPR compliant. Hervé Dhelin, SVP Strategy at EfficientIP, comments below.
Hervé Dhelin, SVP Strategy at EfficientIP:
“The various large-scale breaches of 2017 are warnings for companies around the world. However, this year is looking hopeful, with data protection as a top priority for businesses. The introduction of GDPR in May will be a major driving force for businesses small and large to take greater care in safeguarding their customers’ data. In order not only to avoid heavy fines but also to strengthen brand reputation and customer trust, organisations want to urgently strengthen their cyber security strategies.
A primary area to protect is DNS because over 90% of current malware uses DNS. From our Global DNS Threat Survey Report, we know 76% of organisations around the world were subjected to a DNS attack in the last 12 months and over a quarter (28%) of those suffered data theft as a result. It is not surprising UK organisations suffered so many attacks, as 99% did not apply the necessary security patches compared to 83% globally. If they haven’t done so already, now is the time for businesses to protect themselves and their customers from such attacks ahead of the new regulation.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.