GDPR Key Challenge For Enterprises in 2018

Iyer

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Non-compliance could cost companies dearly. However, meeting the deadline of 25th May 2018 is indeed going to be a big challenge to many companies.

GDPR type of regulation is also important for many individuals in India, but the current privacy policy in the country or lack of it is seen as a huge gap in the privacy area. As CISOs, we should be driving a proactive approach to address the security concerns and privacy requirements of individual citizens.  There is always a cost to be paid both at an individual level and as a society, whenever security breaches happen to result in data theft, and private information reaching the hands of criminals out there to make a quick buck or two.

The CISO community can report such incidents, alert the public to the extent we can detect. The goal, of course, is to prevent such breaches from happening. It is obvious that some leakages happen unintentionally and many are engineered targeting a favorable outcome to the people who cause it.

We live 24/7 in an internet connected world, sharing our information on many social media platforms. Many of the users of technology consume them as utilities, with no special knowledge of the pros and cons of their online actions, and are largely vulnerable.

The increasing menace of cyber-security breaches, resulting in personal losses, and targeted attacks, on critical infrastructures holding vast consumer data, is forcing governments in many progressive countries to actively establish cybersecurity alliances. Establishing these alliances will provide mutual defense for all countries involved and it will allow for the sharing of intelligence in the face of attributed nation-state attacks.

It is getting easier for the attackers, hackers to penetrate using IoT devices by using botnets. We are still in the dark what attackers are going to do with botnets. Efforts are put across by multiple teams to combat these botnet attacks.

Automation of threat injecting tasks is going to increase in rapid speed, lot o work is going on.There are a lot of false proof messages coming out of security tools which should be filtered and corrected by ML techniques. Security reports are very important for CISO and senior advisors to work on mitigation and contingency plans and proactively do risk assessment and management.

Third-party breaches are going to be on the verge and company’s security is good as far as its perimeter and its extended organization is considered, As for the vendors, partners they need to have a vigilant security parameter, this needs to be put into consideration at the minimal.