In corporate information security, just a few years ago it was thought sufficient merely to surround systems with strong firewalls to stop hacker attacks. Today, this attitude is unsafe because cyber crime is assuming ever greater dimensions. Without constant enhancement of protection, resistance to these forms of attack is hopeless.
Cyber security represents one of the greatest challenges of the 21st century for enterprises.
Earlier, attacks were primarily aimed at acquiring data, but as companies expand in the virtual sphere, they offer an ever-larger target: their client channels, not to mention their hard-won reputation, can come under threat.
A report by ZDNet shows that more than 3000 significant hacks, leaks and data theft events were recorded, and a total of approximately 2.2 billion data records were appropriated.
Experience from the past few years suggests that many still believe multinational corporations are the only ones affected by cyber attacks because greater quantities of data are available to hackers. However, those companies devoting less attention to necessary security measures lay themselves open to hacker attacks. In parallel with the increase in the number and volume of attacks, governments are placing increasing emphasis on the battle against cyber crime. As a result, the European General Data Protection Regulation (GDPR) is being toughened up. It comes into force on 25 May 2018. The regulation details to what extent the parties and the service providers can be considered at fault for loss of data if they have not taken sufficient steps to secure it. It is therefore expected that this will result in significant changes in the area of cyber security.
So-called Distributed Denial of Service, or DDoS, events should not be underestimated, either. A few years ago experts were of the opinion that the DDoS fashion was on the wane, but companies are still experiencing constant new attacks in this area, which means that appropriate preparation is more important than ever. Despite this, a research project by BT showed that 59% of companies had already experienced a DDoS attack, whereas 40% of organizations had no effective measures in place to tackle such an attack.
On the whole, the companies that are insufficiently prepared for the threat of cyber attacks and for compliance with the new regulations are SMEs. One reason for this is that over the past few years computer technology risks have grown, resulting on the one hand in changes to legal and regulatory requirements, and on the other hand in significant increases in costs.
Prepare yourself now
Cyber security regulation can be a sensitive area for smaller enterprises because, unlike larger corporations, they do not have sufficient resources at their disposal to resolve data protection deficiencies. However, the fact is that if a company does not take the necessary security measures or does not operate in compliance with the regulation, and the data security of users is breached as a result of a cyber attack, then the GDPR allows for the company to be fined up to 4% of its revenue.
In other words, it is absolutely vital for SMEs to prepare for the regulation as soon as possible and to shape their data protection policy, procedures and processes accordingly.