Tuesday 29 August 2017

Introducing the BOHH Breakdown


We are excited to introduce a weekly, multi-part blog series called the BOHH Breakdown focused on all things security. From on-prem, cloud and mobile security needs to IoT and emerging technologies, this series will offer a security breakdown on the topic of the week and offer insight on how BOHH Labs helps improve your security strategy. 

Each Tuesday we will post a new blog in the series and we look forward to your thoughts.

Keep a lookout for the first installment of the BOHH Breakdown next week on Tuesday, September 5th, as we take a look at the industry approach to security and how we can get closer to a “cure” for hacks.

Friday 25 August 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Cryptocurrency cyber crime has skyrocketed alongside the popularity of ICOs

Almost 10% of all the money invested in initial coin offerings (ICOs) this year using cryptocurrency Ethereum has fallen into the hands of thieves. Read more…

Barclays enables voice payments with Siri

Barclays says it’s the first UK high street bank that lets mobile banking customers make a payment by asking Siri. The payment, which relies on TouchID for authentication, can be completed without opening the Barclays mobile banking app. Read more…

Ransomworms on the rise: yet another wake up call for the enterprise

90 percent of enterprises are still recording exploits for vulnerabilities that are more than three years old, and 60 percent for vulnerabilities more than ten years old, says a Fortinet report, with twice as many attacks at weekends. Read more…

Popular Robots are Dangerously Easy to Hack, Cybersecurity Firm Says

Some of the most popular industrial and consumer robots are dangerously easy to hack and could be turned into bugging devices or weapons. Read more…

Friday 18 August 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Gartner: Cybersecurity Spending Worldwide to Hit $86.4 Billion This Year

The global information security market for 2017 will grow by 7% over last year with spending to reach $86.4 billion, according to a new forecast by Gartner. Read more…

Uber reaches deal with FTC on consumer privacy, agrees to new program

Ridesharing behemoth Uber agreed Tuesday to institute “a culture of privacy” in how it handles personal information from its passengers and drivers, following a Federal Trade Commission investigation that revealed the company misrepresented its internal data access policies and failed to take reasonable security measures to safeguard data in the cloud. Read more…

Maersk Previews NotPetya Impact: Up to $300 Million

Danish shipping giant A.P. Møller - Maersk faces a loss of up to $300 million as a result of the NotPetya global malware outbreak. Read more…

Seven Accused in $5M Insider Trading Scheme

The SEC says the scheme revolved around an IT consultant who had access to a computer system that BofA used to track investment banking deals. Read more…


Friday 11 August 2017

Weekly News Roundup



Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Oracle Offers API to Link Banks to Fintechs

Oracle Corp. is offering a payments application programming interface based on the ISO 20022 standard that will allow banks to more easily collaborate with fintechs and other third parties. Read more…

UK data protection laws to be overhauled

Britons could obtain more control over what happens to personal information under proposals outlined by the government. Citizens will be able to ask for personal data, or information posted when they were children, to be deleted. Read more…

HBO Data Dumped, Hackers Demand Millions

Hackers behind the recent HBO data breach, who reportedly stole 1.5TB of data, have dumped a second collection of stolen files and demanded millions in ransom. Read more…

UK calls for smart car cyber protection

A new generation of internet-connected cars will have to be better protected from cyber attackers, under tough new UK government guidance. Read more…


Thursday 10 August 2017

The Impact GDPR Compliance Will Have Across the Entire Business Ecosystem



Insight on GDPR from BOHH's Becca Bauer

Organizations that collect or use data about EU citizens, or that work with anyone who handles such data, now have less than a year to put policies in place to comply with the General Data Protection Regulation (GDPR), which goes into effect in May 2018.

Although greater data protection is becoming more important than ever as our economies become digitized and the potential for breaches has become a daily norm, the burden of updating security policies and strategies to comply with GDPR can be overwhelming and take a considerable amount of time and resources. As companies scramble to integrate GDPR-compliant solutions into their data protection and collection strategies, the effort is likely to have a profound impact on how the entire business operates. Below are three ways the key changes mandated by GDPR will affect an organization's entire ecosystem.


Reputation Damage and Strict Penalties


It is no secret that data breaches often bring negative press and a loss of trust among consumers, and while some of these breaches result in settlements, most until now have not carried financial penalties. One of the major impacts GDPR will have on organizations is the pressure of strict fines if they are found to be in breach of GDPR or do not follow the proper procedures after a breach. According to the EU GDPR site (http://www.eugdpr.org), the new regulations carry fines of up to 4% of annual global turnover or €20 million, which is enough not only to hurt a company financially but also to draw public attention to it for defying the law and the standard set of security and privacy regulations that organizations must follow to ensure an individual's data is protected.


Approach to Data/Technology Management

Much of GDPR centers on how companies collect, store and use individuals' information. Under GDPR, companies must give the individuals whose data they hold the right to be notified if a data breach exposes their information, the right to access their own personal data when they request it, the right to be forgotten, and the right to data portability. These new regulations will have a major impact on the strategies companies use to protect data privacy. Organizations will need to build more flexible architectures that easily allow them to incorporate innovative technologies and security solutions that meet these new requirements. However, this can quickly become expensive and complex, with updates such as legacy-to-cloud infrastructure overhauls and the addition of at least one or more products to enhance data protection.

Not only does this increase the cost of data privacy strategies, but it also brings into question how these processes are managed. Collaboration will be crucial when updating these policies. There needs to be coordination among the different departments in the organization, from the various IT teams handling how data comes in and out of the company to the marketing department that collects data for analytics purposes. Cross-department collaboration will be key to ensuring the whole company complies with GDPR, but it will most likely lead to a costly, complex strategy to update data management across the whole company ecosystem, as well as a cultural shift in how your employees approach working with data and sharing it with other departments.

New Leader on Your Security Team


For companies that operate on a large scale, it will become mandatory to add a new leader to the security team by appointing a Data Protection Officer (DPO). This new team member will have to be an expert on data protection practices and be provided with all the resources necessary to comply with GDPR and keep their industry knowledge current. This means increased costs to the business: a new salary for an expert senior team member, as well as the new technologies and resources the DPO needs to carry out the job.

As organizations work toward implementing strategies to be compliant with GDPR, it is important that they take into account the implications all these changes will have organization-wide. With the need for increased budgets, personnel and technologies, the effort to become GDPR compliant must take into consideration the impact it will have on the whole ecosystem and the amount of time and resources needed.




Friday 4 August 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

WannaCry ransomware: Hackers behind global cyberattack finally cash out bitcoin windfall

Almost three months on from the WannaCry ransomware outbreak, those behind the global cyberattack have finally cashed out their ransom payments. Read more…

Senate bill demands tougher security for the Internet of Things

A bipartisan team of US senators wants to reduce the chances of ever happening. They're introducing a bill, the Internet of Things Cybersecurity Improvement Act, that mandates a base level of security standards for any IoT gadgets used in government. Read more…

HBO hacked: Game of Thrones spoilers and other episodes leaked

HBO confirmed the attack but didn’t say what was stolen. However, the hackers say they have spoilers for the next Game of Thrones episode, plus unreleased episodes for other shows. Read more…

Hackers Exploit Voting Machine Vulnerabilities at DefCon

Last week’s DefCon 25 hacking conference in Las Vegas showcased a Voting Village that gave attendees the opportunity to attempt to exploit weaknesses in voting machine designs. Read more…