Cloud Backup

We`re just sending through your details

Please give us a few moments whilst we get your account ready.


How Will The GDPR Affect Cyber-crime?

How Will The GDPR Affect Cyber-crime?

posted in RansomwareGDPR ● 6 Mar 2018

GDPR, the general data protection regulation, is set to change data protection laws forever, as of May 25th, 2018. The regulation aims, in part, to strengthen the protection of information and reduce the threat of a data loss or breach, such as those masterminded by cunning cyber-criminals. So, should cyber-criminals be worried about the effects of the regulation on ‘business’?

Cyber-crime is simply any criminal activity that occurs by means of computers of the internet’

Among many forms of cyber-attack, different methods can be used to differing effect, some to extort profit and others more likely to cause damage or downtime. Complex cyber-attacks will incorporate several stages and can often last several months. In December 2016, a few days before Christmas, hackers were able to successfully cause a power outage in a region of the Ukraine, causing almost 250,000 people without power supplies. The cyber-attack had taken months of planning and involved a phishing scam as well as systems being hacked, and code rewritten. Some of the most common forms of cyber-attack include:

  • Malware strains
  • Phishing attacks
  • Worms
  • Denial of Service (DoS) attacks

Breaches, cyber-attacks and how organisations should react

Importantly under the GDPR, organisations have a legal responsibility to report data breaches, which hasn’t always been the case. Several high-profile cyber-crimes throughout 2016 and 2017 remained unreported for months or even years, with the organisations who’d been hit choosing to try and cover up the data loss. Included in this list of organisations is Uber, Yahoo and Equifax.

Under the GDPR a Personal Data Breach is classified as‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed’.

If cyber-criminals are successful in an attack, organisations will now have to report the breach within a 72-hour period of discovering it. The ‘breach notification’ must be shared with the relevant information regulatory authority, such as the information commissioner’s office (ICO) in the UK. Information included in the notification should include who has been affected, what data has been lost and what the likely outcome of the data loss may be – all these factors will contribute to what penalty is given by the authority, if one is given.

Uber’s breach report running late

The app may be good at letting customers know if drivers are running behind schedule but when it came to the company reporting a data breach that had affected some 50,000,000 customers, not so much. In October 2017, the company reported the breach, announcing that a total of 57 million drivers and customers had their personal information stolen in a hack that took place a year prior. Corporate systems had not been accessed.

Will there be more or less attacks?

Cyber-criminals are unlikely to see the regulation as any sort of deterrent. Ransomware attacks, hacks and other cyber-attacks are already against the law and while some attackers have been tracked down, cyber-attacks are often relatively untraceable. The number of attacks has been rising steadily over the past few years and with infections being launched from malicious emails or webpages they can be simple to put together. However, a recent report published by trend micro predicts that 2018 will see an overall decrease in attacks with a higher concentration of strategic attacks, designed to improve return on investment.

Organisations are likely to have improved data management and protection processes in place to ensure compliance with the regulation. These, in theory, will decrease the risk of a data breach, whether accidental or due to a cyber-attack. If successful attacks do take place however, cyber-criminals may be able to demand high ransoms due to the fines that can be given by authorities for a breach.

Whether or not cyber-criminals are able to find ways to continue breaching systems after the GDPR takes effect, organisations need to ensure best practice data management is followed and that data is securely protected always. Methods of protection include encryption and it is vital that organisations have a full, off-site backup of data that can be recovered from in a disaster.

Bocada support for Redstor improves backup monitoring and revenue opportunities for MSPs

Reading, United Kingdom, September 23, 2021Redstor, a global data management and protection SaaS business, today announced a partnership with Bocada LLC, an award-winning IT automation company, to provide MSPs with greater visibility over customer environments and increase their revenue opportunities. 

Continue reading

XTECH and Redstor enter strategic partnership

Reading, 15 September 2021 – Redstor and XTECH announce a strategic partnership to protect customers’ traditional infrastructure as well as cloud and SaaS data from a single app.

Continue reading

Redstor listed as 2021 finalist in PCR awards

Reading – 13 August 2021 – Redstor has been shortlisted in the PCR awards for Security Software Vendor of the Year.

Continue reading