Unless something happens between now and May 2018, the largest fine assessed for negligent cyber-protection in the EU prior to the implementation of the General Data Protection Regulation (GDPR) will have gone to a company called TalkTalk.
The UK telecom firm had received warnings that two of its web applications were vulnerable to cyberattack and ignored those warnings; 157,000 of its customers then had their data stolen.
In response to the TalkTalk breach, the EU's Office of the Information Commissioner issued a £400,000 fine — and under the GDPR, that fine would likely have been worse. It's a bad idea to ignore basic cyber-protections under any jurisdiction, but if ignoring those cyber-protections results in your company getting hacked, the EU will be on the case. Under the GDPR, the average fine for leaking customer data will increase 79x. This would turn the £400,000 TalkTalk fine into a whopping £59 million, or over $76 million USD.
This fine inflation is not just for large companies who screw up. Smaller companies will see the same increase in penalties, even small companies that aren't located in the EU but just do business there. Frankly, these fines could drive companies bankrupt. In other words, if you haven't invested in secure data access technologies yet, now is definitely the time.
Why Invest in Secure Data Access Technology
According to a recent Ponemon report, 89% of organizations have experienced data breaches. Your organization is most likely not going to be in the lucky 11% of organizations that avoid data loss. Unless you take earnest, good-faith steps to protect yourself from cyberattacks, your company will be fair game for regulators.
Secure Data Access technology helps to eliminate one of the largest causes of data breaches: data loss through third-party vendors. In 2016, 56% of companies said that it was likely that they'd suffered a data breach via the accidental or malicious actions of customers or vendors. These thefts can't be prevented by the ordinary run of security tools (antivirus, SIEM, or firewalls), but if you don't have some kind of strategy in this regard, you're leaving yourself open for fines.
One major vulnerability produced by the necessity of sharing data with vendors and customers is the need to do so by opening up ports within a firewall — and Secure Data Access technology obviates that risk. Instead, two nodes are placed on a secured network, one inside the firewall, and one in the organization's DMZ.
The internal node essentially sanitizes all data that comes through an organization's DMZ. It places deep packet inspection, authentication, and malware scanning directly in line with your external traffic, and it also regulates what comes out. This removes the need for a VPN, simplifies your network, augments your firewall, and greatly improves the security of your shared data.
Prepare for the GDPR with Secure Data Access from Safe-T
The GDPR is, by all measures, a draconian regulatory regime. Many businesses literally might not survive their first contact with its fee structure. Don't be one of the companies that gets demolished. Instead, reinforce your network now with a GDPR-compliant solution that secures your data wherever you happen to share it. For more information, get the guide to learn the steps your organization needs to take to prepare for GDPR compliance.