by Bharat Mistry
This year’s Infosecurity Europe will be the first to take place under the new data protection regime brought in by the long-awaited EU GDPR. It’s going to be interesting to see how much coverage the new law gets. I’d wager, more than you’d think, because compliance doesn’t end on 25 May — for many firms, it will only start once the reality of the new legislation hits home. As we were reminded this week by a £120,000 fine handed down to Greenwich University, the regulator will come down hard on organisations that fail on cybersecurity.
A cautionary tale
Data protection is not all about preventing external threats. In fact, of the 3300+ incident reports filed with the Information Commissioner’s Office (ICO) in the financial year 2017-18, human error dominated. However, the case of Greenwich University should be a reminder to firms that third-party attackers are always looking for an easy way to make money by exploiting gaps in protection.
In this case, hackers targeted vulnerabilities in a microsite that was built all the way back in 2004 without the knowledge of the IT department and was still up and running. It’s a case of shadow IT meets poor process. The institution should have conducted regular audits to check for exactly these kinds of vulnerabilities in its online infrastructure. The resulting theft of data on 20,000 staff, students and alumni was made even more serious when 3,500 of these people found that information on extenuating circumstances, learning difficulties and staff sickness records was published online.
Leading from the front
Firms need a comprehensive, best-practice approach to cybersecurity, taking their cue from risk management frameworks like ISO 27001. Security controls should be applied at every layer of the IT infrastructure, from the endpoint all the way to the network and hybrid cloud servers. The latter environments can be particularly challenging from a security perspective, especially as many organisations still struggle to work out how the shared responsibility model should be implemented.
That’s why we’ll be taking our Deep Security message to Infosecurity Europe 2018 next month. Our flagship datacentre security platform was designed from the ground up with the hybrid cloud in mind, allowing organisations to manage multiple environments easily from a single console. We’ve worked hard over many years with cloud leaders like AWS and Azure to ensure that protection for your workloads is seamless and scalable, helping firms drive innovation and growth whilst staying secure.
It also offers:
- Comprehensive malware protection, including behavioural analysis and web reputation
- Network security for each workload, using IDS/IPS to stop attacks and shield vulnerabilities with virtual patching
- Security that can lock down systems with application control, monitor system integrity, and log and report any incidents
This is the kind of peace of mind IT buyers will increasingly be looking for as the GDPR begins to bite. We’re certainly not going to see maximum fines early on — the ICO itself has said as much. But they’re definitely there for a reason and negligence will be punished, especially if there is a heightened risk of distress to the data subjects.
Come down to the Trend Micro stand to continue the discussion. We look forward to seeing you there.
What: Infosecurity Europe, Stand E60
When: 5-7 June 2018
Where: London Olympia