GDPR Fines: Could Cybercriminals Bite Back?

A response from SMP about GDPR and the threat of cybercriminal activity –

In the 14 months since GDPR became enforceable, several high-profile global organizations have incurred hefty fines for violating the regulation. Most recently, this includes Marriott and British Airways.

For Marriott, the $123M fine comes out of the U.K.’s Information Commissioner’s Office (ICO) and stems from a data breach that exposed 500 million customer records. Further complicating the situation is the root of the hack, which originated with Starwood, two years before Marriott acquired the company.

In the case of British Airways, hackers stole the personal data of more than 500,000 airline customers beginning in June 2018. The ICO intends to penalize the carrier some $230M in response.

In the wake of these incidents, security experts, including SMP, warn that GDPR is changing more than just the cost of a breach – it’s impacting the entire security landscape. Companies operating in different countries, especially those in the European Union, face the cost of fines under GDPR and similar legislation like the California Consumer Privacy Act (CCPA), plus the cost of reparations to exposed customers and any associated litigation.

At the same time, SMP believes that cybercriminals could be taking note in hopes of blackmailing companies post-hack. It’s not that far of a stretch to capture customer data and, in turn, demand $10M, especially when the company risks a fine upwards of $100M. That’s not a situation any organization wants to happen – and yet, the possibility remains.

To guard against the threat of cybercriminals and protect your organization, we recommend the following:

  1. Stay informed about GDPR and other legislative updates. Understand how and where these regulations apply to your business.

  2. Audit your current cybersecurity infrastructure, shore up any existing weaknesses and update your protocol to ensure compliance.

  3. Continuously monitor these systems and information with the support of a qualified team of experts.

For more information, please contact SMP.

#InformationSecurity News - 8/29/14

Here's a look at this week's top information security news stories: 

The Risks of Big Data for Companies

Big data. It's the latest IT buzzword, and it isn't hard to see why. The ability to parse more information, faster and deeper, is allowing companies, governments, researchers and others to understand the world in a way they could only dream about before.

All that is true. And yet…

It's also true that in our rush to embrace the possibilities of big data, we may be overlooking the challenges that big data poses—including the way companies interpret the information, manage the politics of data and find the necessary talent to make sense of the flood of new information.

Big data, in other words, introduces high stakes to the data-analytics game. There's a greater potential for privacy invasion, greater financial exposure in fast-moving markets, greater potential for mistaking noise for true insight, and a greater risk of spending lots of money and time chasing poorly defined problems or opportunities.

Read the rest of this article via The Wall Street Journal