
How Will The GDPR Affect Cyber-crime?

posted in Ransomware ● 17 Sep 2017

The GDPR, the General Data Protection Regulation, is set to change data protection laws forever, as of May 25th, 2018. The regulation aims, in part, to strengthen the protection of information and reduce the threat of a data loss or breach, such as those masterminded by cunning cyber-criminals. So, should cyber-criminals be worried about the effects of the regulation on ‘business’?

‘Cyber-crime is simply any criminal activity that occurs by means of computers or the internet’

Cyber-attacks take many forms, and different methods are used to differing effect: some to extort profit, others more likely to cause damage or downtime. Complex cyber-attacks will incorporate several stages and can often last several months. In December 2016, a few days before Christmas, hackers were able to successfully cause a power outage in a region of Ukraine, leaving almost 250,000 people without power supplies. The cyber-attack had taken months of planning and involved a phishing scam as well as systems being hacked and code rewritten. Some of the most common forms of cyber-attack include:

  • Malware strains
  • Phishing attacks
  • Worms
  • Denial of Service (DoS) attacks

Breaches, cyber-attacks and how organisations should react

Importantly, under the GDPR, organisations have a legal responsibility to report data breaches, which hasn’t always been the case. Several high-profile cyber-crimes throughout 2016 and 2017 remained unreported for months or even years, with the organisations that had been hit choosing to try to cover up the data loss. Included in this list of organisations are Uber, Yahoo and Equifax.

Under the GDPR, a Personal Data Breach is classified as ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed’.

If cyber-criminals are successful in an attack, organisations will now have to report the breach within a 72-hour period of discovering it. The ‘breach notification’ must be shared with the relevant information regulatory authority, such as the Information Commissioner’s Office (ICO) in the UK. The notification should include who has been affected, what data has been lost and what the likely outcome of the data loss may be; all these factors will contribute to what penalty is given by the authority, if one is given.

Uber’s breach report running late

The app may be good at letting customers know if drivers are running behind schedule but when it came to the company reporting a data breach that had affected some 50,000,000 customers, not so much. In October 2017, the company reported the breach, announcing that a total of 57 million drivers and customers had their personal information stolen in a hack that took place a year prior. Corporate systems had not been accessed.

Will there be more or fewer attacks?

Cyber-criminals are unlikely to see the regulation as any sort of deterrent. Ransomware attacks, hacks and other cyber-attacks are already against the law and, while some attackers have been tracked down, cyber-attacks are often relatively untraceable. The number of attacks has been rising steadily over the past few years and, with infections being launched from malicious emails or webpages, they can be simple to put together. However, a recent report published by Trend Micro predicts that 2018 will see an overall decrease in attacks with a higher concentration of strategic attacks, designed to improve return on investment.

Organisations are likely to have improved data management and protection processes in place to ensure compliance with the regulation. These, in theory, will decrease the risk of a data breach, whether accidental or due to a cyber-attack. If successful attacks do take place, however, cyber-criminals may be able to demand high ransoms due to the fines that can be given by authorities for a breach.

Whether or not cyber-criminals are able to find ways to continue breaching systems after the GDPR takes effect, organisations need to ensure best-practice data management is followed and that data is securely protected at all times. Methods of protection include encryption, and it is vital that organisations have a full, off-site backup of data that can be recovered from in a disaster.
