By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    predictive analytics in dropshipping
    Predictive Analytics Helps New Dropshipping Businesses Thrive
    12 Min Read
    data-driven approach in healthcare
    The Importance of Data-Driven Approaches to Improving Healthcare in Rural Areas
    6 Min Read
    analytics for tax compliance
    Analytics Changes the Calculus of Business Tax Compliance
    8 Min Read
    big data analytics in gaming
    The Role of Big Data Analytics in Gaming
    10 Min Read
    analyst,women,looking,at,kpi,data,on,computer,screen
    Promising Benefits of Predictive Analytics in Asset Management
    11 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: GDPR Fines, Ransomware, and Cybersecurity: What You Need To Know
Share
Notification Show More
Latest News
ai digital marketing tools
Top Five AI-Driven Digital Marketing Tools in 2023
Artificial Intelligence
ai-generated content
Is AI-Generated Content a Net Positive for Businesses?
Artificial Intelligence
predictive analytics in dropshipping
Predictive Analytics Helps New Dropshipping Businesses Thrive
Predictive Analytics
cloud data security in 2023
Top Tools for Your Cloud Data Security Stack in 2023
Cloud Computing
become a data scientist
Boosting Your Chances for Landing a Job as a Data Scientist
Jobs
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Best Practices > GDPR Fines, Ransomware, and Cybersecurity: What You Need To Know
Best PracticesBig DataData ManagementExclusiveInternet of ThingsPolicy and GovernancePrivacySecurity

GDPR Fines, Ransomware, and Cybersecurity: What You Need To Know

Ryan Kade
Last updated: 2018/07/17 at 6:07 PM
Ryan Kade
9 Min Read
GDPR and security
Shutterstock Licensed Photo - By Inspiring
SHARE

The GDPR (General Data Protection Regulation) was developed a few years ago to replace the Data Protection Directive of 1995 in the European Union. After years of revisions, it finally took effect in May. The regulatory framework was enacted to protect the privacy of EU citizens, with GDPR fines and other regulations helping to maintain the rules. It is a noble goal and will likely have a number of positive benefits. However, it may also create a new set of risks that security experts and crisis management teams will need to prepare for. One of them is the likelihood that GDPR ransomware threats are going to rise.

Contents
Will the GDPR put companies on high alert about possible new ransomware attacks?Organizations must take sensible precautions to avoid this dilemmaReset your routerUnderstand the importance of IoT managementMake sure that software is regularly patchedMake sure that your data is regularly backed upHave automated content scanning controls in placeBe very careful using public Wi-Fi connectionsRemain Aware to Stay Safe

Will the GDPR put companies on high alert about possible new ransomware attacks?

Ransomware has become a very serious threat. According to CSO Online, the global costs exceeded $5 billion in 2017. A number of factors have played a role in driving the explosive threat that it poses to organizations of all sizes.

Most laymen wouldn’t attribute the GDPR to an increase in ransomware attacks. However, some of the most astute cybersecurity experts have made this link. The potential for GDPR extortion is worth putting on your radar.

Trend Micro is one of the most prominent organizations to make such a bold prediction. According to a speculative post they published last December, a growing number of ransomware attackers are going to calculate the likely fine a company would face under the GDPR before issuing their demands. They will probably set their ransom demands just under the penalty threshold they would face. The likely outcome is that many companies would make the payment and never report the incident, for fear that EU regulators might find out and impose GDPR fines on top of it.

More Read

cybersecurity simulations

Combat AI-Powered Threats with Cybersecurity Simulations & Other Practices

A Guide to Using XDR Threat Protection to Stop Data Breaches
Anti-Spoofing is Crucial for Data-Driven Businesses
Four Strategies For Effective Database Compliance
Fortifying Enterprise Digital Security Against Hackers Weaponizing AI

Other experts have claimed the opposite is likely to occur. They cite a provision in the GDPR that requires organizations to report any security breach, even if the impact is minimal. However, the likelihood that they will follow through on reporting could be low, regardless of the merits of the law.

Some organizations may decide that the risk of being fined is greater than that of quietly breaking the law and sweeping a GDPR ransomware incident under the rug. Also, they may make the argument that the ransomware infection does not qualify as an actual security breach. Some lawyers could argue that ransomware generally locks devices or freezes servers, but does not actually purloin encrypted data, therefore it would not actually qualify as a breach and does not need to be reported.

These threats may be especially effective against very small and home-based businesses. Unfortunately, a growing number of malicious actors are targeting these types of businesses, and GDPR extortion is plausible.

VPNFilter malware attacks are among the biggest threat to home-based businesses. They are specifically designed to infect home Internet routers and small office networks. According to the United States Computer Emergency Response Team, this type of attack has created a number of risks in addition to malware, including:

  • Temporarily or permanently destroying sensitive information
  • Disrupting operations by crashing the network
  • Forcing organizations to spend thousands of dollars or more on file and system restoration
  • Potential causing irreparable harm to the company’s image after the attack was orchestrated

This can be a huge concern for businesses of all sizes. GDPR ransomware attackers realize that home businesses cannot afford anywhere near the fines that the GDPR calls for and will act accordingly.

Organizations must take sensible precautions to avoid this dilemma

Ransomware attacks are likely to increase in the coming years, especially as EU regulators become more stringent about enforcing their policies. Organizations of all sizes must recognize that they may be put in a place where they need to choose between paying the ransom or accepting a fine for failing to meet compliance standards. The regulators may act with leniency, especially if the company is small. However, they should not operate on the assumption that they will get off with a mere slap on the wrist. On the other hand, they should consider the possibility that malicious hackers may continue to organize such attacks as long as they feel there is a chance that the company is in violation of GDPR requirements.

The only guaranteed solution is to make sure the network is strongly defended to prevent a ransomware attack—or any subsequent GDPR extortion—in the first place. Here are some precautions that can help them.

Reset your router

The VPNFilter attacks were organized against businesses with routers that had not been updated for quite some time. Resetting the router could significantly reduce the threat of these attacks. Of course, there are other forms of malware that exploit other vulnerabilities. However, fixing all weak points in your security infrastructure is key, so it is important to address every possible port through which a ransomware attack may be carried out.

Understand the importance of IoT management

According to Cloud Management Suite, securing IoT devices is one of the most important steps to prevent ransomware attacks. Recent figures show that 10% of ransomware attacks against SMBs are targeted at IoT devices. They should keep the IoT network architecture as simple as possible and regular monitor all incoming and outgoing data on all IoT devices to look for threats.

Make sure that software is regularly patched

Hackers take time to understand the flaws in every application they can exploit. The older an application is, the more time they will have had to uncover them. This leaves you vulnerable to attacks. Make sure that your software is patched to prevent this from happening.

Make sure that your data is regularly backed up

Since most organizations carefully encrypt their data, they are not so worried about hackers stealing and releasing it. Although some ransomware attacks do this, the majority threaten to destroy files instead. You can nullify their threat by making sure that your data is carefully backed up on another server that they will not have access to.

Have automated content scanning controls in place

It is vital that you regularly scan incoming emails for all known malware threats. Email is one of the most common ways to distribute malware.

Be very careful using public Wi-Fi connections

Hackers often spoof hotspots to trick people into providing information through them. Make sure that you carefully verify any hotspot that you’re using to prevent them from getting access to your machine.

Remain Aware to Stay Safe

While the threat of ransomware is never fun to think about, it doesn’t need to rule your life either. It’s simply a matter of being as aware as possible and taking whatever precautions you can to decrease your odds of getting hacked, and to keep your data secure. Hopefully, GDPR’s benefits will far outweigh the risks.

TAGGED: #GDPR, cybersecurity, data security, ransomware, security
Ryan Kade July 17, 2018
Share this Article
Facebook Twitter Pinterest LinkedIn
Share
By Ryan Kade
Follow:
Ryan Kade is the editor overseeing contributed content at Smartdata Collective and contributes weekly column.

Follow us on Facebook

Latest News

ai digital marketing tools
Top Five AI-Driven Digital Marketing Tools in 2023
Artificial Intelligence
ai-generated content
Is AI-Generated Content a Net Positive for Businesses?
Artificial Intelligence
predictive analytics in dropshipping
Predictive Analytics Helps New Dropshipping Businesses Thrive
Predictive Analytics
cloud data security in 2023
Top Tools for Your Cloud Data Security Stack in 2023
Cloud Computing

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

[mc4wp_form id=”1616″]

You Might also Like

cybersecurity simulations
Artificial IntelligenceExclusiveITSecurity

Combat AI-Powered Threats with Cybersecurity Simulations & Other Practices

7 Min Read
data breach issues
Security

A Guide to Using XDR Threat Protection to Stop Data Breaches

6 Min Read
anti-spoofing tips
Security

Anti-Spoofing is Crucial for Data-Driven Businesses

6 Min Read
database compliance guide
Data Management

Four Strategies For Effective Database Compliance

8 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI and chatbots
Chatbots and SEO: How Can Chatbots Improve Your SEO Ranking?
Artificial Intelligence Chatbots Exclusive
AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?