GDPR working already? | CyberSecuritySpeak

Racepoint Global

Written by: Heer Rangwani, Intern – Racepoint Global UK

Are we finally starting to take data protection seriously? There’s been a lot of lip service paid to cybersecurity over the past couple of years (which has almost reached the point of white noise as GDPR comes closer to reality), but the constant data breach news cycle would suggest not.

In fact, according to data released this week by US firm Risk Based Security, the number of data breaches disclosed in Q1 2018 was actually down compared with 2017: down to just 686 from 1,444. Additionally, the number of disclosed instances of phishing for employee data dropped from 214 to 31. While these figures don’t necessarily take into account the scale of breaches, it would appear that companies are being more rigorous in their approach to data protection and privacy.

The ‘why’ of this is an interesting question. It would seem that media buzz has actually had a positive effect on the majority of organisations. With Facebook/Cambridge Analytica dominating the news – and this was fraud, rather than a data breach, lest we forget – overall awareness of issues has grown. In this respect, you would have to say the efforts of vendors, experts and consultants in the cyber security space have paid off. The reduction in employee-targeted phishing attacks would also suggest this education is working at every level.

How the conversation develops from here will be quite telling. With GDPR, there is a very definite deadline to work to, but when you scratch beneath the surface, GDPR is a continual process. The challenge will be convincing consumers and businesses that it’s not a case of “job done.” The message will have to change and, without the crutch of GDPR to lean on, ensuring data protection stays on the agenda will require greater creativity than ever before.

News Round-up 

BBC News

Information watchdog seeks Cambridge Analytica data

Cambridge Analytica could face a steep fine if it does not comply before a 30-day deadline expires. The data demand stems from legal action by Prof Carroll, who wants to know what information the firm holds on him.

InfoSecurity

Data Breaches Decline in Q1 2018

The Q1 2018 numbers are in, and while it might be an overly optimistic conclusion, the breach landscape could be changing based on the Risk Based Security Q1 2018 Data Breach QuickView Report.

ITPro

What is GDPR? Everything you need to know before the 2018 deadline

The GDPR is created to regulate how businesses use data, ensuring it’s the same across the entire EU and is due to come into force on 25 May – and even though the UK is due to leave Europe in the next 12 months, it will still apply to all businesses handling EU residents’ data, effectively replacing the Data Protection Act 1998.

Computer Weekly

CISO: Data integrity and confidentiality are ‘pillars’ of cybersecurity

When it comes to protecting online info, one cybersecurity veteran says the role of a CISO is to first incorporate processes that maintain data integrity and confidentiality.