Ransomware attacks are being launched against businesses, organisations and governments around the world almost every day, bringing cyber security to the forefront of organisations’ strategies. The surge in cyber crime also poses a threat to the safety of customers’ personal data.
On May 25th next year, the General Data Protection Regulation (GDPR) will come into effect, placing responsibility for safeguarding personal data firmly on the shoulders of businesses. The legislation means that businesses that suffer a cyber attack in which a data breach occurs will have to notify the relevant supervisory authority within 72 hours. Furthermore, authorities will investigate whether or not the organisation was taking all the necessary steps to ensure the protection of personal data. If found guilty, organisations could face costs of up to €20 million or 4% of global annual turnover, whichever is the greater.
In cases of ransomware attacks, victims are often unaware that they are granting the virus access to their files. Most commonly, they will click on a fake link or open attachments sent via email.
Once the virus gains access, it quickly encrypts files, and a ransom note appears demanding payment to restore access, threatening otherwise to delete the encrypted data within a certain timeframe. While this is taking place, the virus also searches for other vulnerable computers to infect without users needing to let the virus in. This is exactly how the WannaCry ransomware was able to spread as far as it did and why there is such concern among both IT experts and companies.
Although the attack was contained, experts have since warned that we are likely to see more of these types of attacks. As these attacks become more intelligent, it’s clear that most businesses are not ready to defend company and customer data. They aren’t ready for the new GDPR legislation, and when it does come into play, they are likely to face huge fines.
Businesses must act now to ensure that their cyber security strategy is up to date. From the attacks on the NHS, we can see that ransomware attacks are a problem for both large and small organisations. Small businesses have seen a rise in attacks in the last year, as they are targeted in the belief that they have fewer resources to invest in cyber security.
GDPR also requires companies to demonstrate that all employees understand what constitutes a data breach. They must also have breach detection, investigation and internal reporting procedures in place.
GDPR will affect every business and organisation operating in Europe, regardless of size, industry or Brexit. To find out everything you need to know to prepare for GDPR, join the GDPR Conference Europe, a one-day conference full of expert speakers giving the most up-to-date advice and tips to ensure you are compliant in time.
By Laura Edwards, Defence.Digital.