GDPR: The countdown to the new data rules is on and everyone wants to avoid fines
Cyber armageddon, data disasters, hacking horror stories - barely a week goes by without a new vulnerability or threat making the headlines, and that’s just the ones that make the papers.
These threats are seemingly everywhere and as Irish businesses become increasingly digital, that will only increase.
Today’s attacks are more effective than ever.
As over 80pc of the world’s internet traffic touches Cisco technology, we are able to see and stop more threats a day than Google sees searches. Yet we’ve observed a two-fold increase in malicious web traffic in the last 12 months.
This, alone, demonstrates that cyber adversaries continue to learn and evolve. Attackers are constantly innovating, employing more sophisticated techniques to compromise organizations and gain access to other parts of the network and sensitive data including proprietary information, trade secrets, and of course financial information.
Threats have evolved to the point that it’s no longer feasible to build a moat and defend the perimeter.
A significant number of services and applications are using encryption as the primary method of securing information.
As a result, encrypted traffic has increased by more than 90pc annually, with more than 40 percent of web sites encrypting traffic in 2016 versus 21pc in 2015.
Encryption technology has enabled much greater privacy and security for companies and individuals that use the Internet to communicate and transact business online.
Mobile, cloud and web applications rely on well-implemented encryption mechanisms that use keys and certificates to ensure security and trust, however, businesses are not the only ones to benefit from encryption. Threat actors have leveraged these same benefits to evade detection and to secure their malicious activities.
Thanks to encryption, attackers can now break into the network and stay undetected for months. It takes companies, on average, between 100 and 200 days to detect an attack because 80 percent of security systems do not recognize or prevent threats within SSL traffic. There is an answer. If you can identify threats inside encrypted traffic, as we have done with our Encrypted Traffic Analytics (ETA), you can stop them. ETA allows organizations to leverage the network to find malicious activity in encrypted traffic, looking for tell-tale signs in the features of encrypted data to detect malwares, without data decryption.
This is all a problem for the IT team to deal with though, surely? It may be them that has to fix it, but it’s just as likely that you are part of the cause. Anything that connects to your network poses a threat. The devices used by your employees, the Internet of Things (IoT) sensors in your warehouse, or the connected TV on the wall in reception. Yes, they will help revolutionise your business (maybe not the TV), but each new user and device that is connected to the network increases complexity and the potential attack surface. The only way that you’ll be able to truly benefit from this new tech without the fear that it is in fact making you more vulnerable, is to be able to see and act on what’s really going on in the network.
Consider these statistics: 63m new devices will be attaching to enterprise networks every second by 2020 (Gartner) – that’s a lot of information traversing the internet, 55pc of that traffic is being encrypted and that number is expected to increase to around 80pc by 2019 and 70pc of attacks will use encryption in 2019.
Cisco's approach is to make the network technology that you use transparent and intuitive; constantly learning, adapting, automating and stopping threats to ultimately protect against today's evolving threat landscape.
With a rising number of data protection laws, including the General Data Protection Regulation, it is becoming critical for enterprises to be able to detect and isolate an attack as quickly as possible.
As we enter the home stretch of the GDPR countdown, with less than two months to go, everyone wants to avoid the substantial fines (upwards of €20m or 4pc annual global turnover, whichever is higher) and other penalties.
But the benefits of good data privacy processes extend well beyond avoiding these fines and penalties.
The protection of personal data is a key element to winning customer trust as a digital enabler in a data-centric economy.
The digital economy can only flourish when you connect people, process, data and things in an ethical, meaningful, secure way, in a secure environment in which everyone has trust in the safeguarding of their data.
To fully protect personal data, we come back to visibility. Companies must know what data is being collected, how it is being collected, what is being done with it, who is processing it and where, and how it stays protected – whether at rest, in use, or in motion.
Everything that you do as an individual or business likely touches Cisco; whether the phones in your office – or that of your doctor’s receptionist - your mobile network, or the infrastructure behind the cash machine you just used. That puts us in a position to help.
We take pride in being able to educate and provide businesses with the solutions and best practices required for effective cybersecurity. We are assisting our customers in their journey by delivering solutions that are respectful of data protection requirements and with our portfolio of security products to support the prevention, detection and response in the event of breach.
We have been securely connecting the unconnected in Ireland for the past 20 years and look forward to the opportunities that lie ahead.
Paul Kavanagh is country manager at Cisco Ireland. The Dublin Data Sec 2018 conference, with a focus on the GDPR takes place on Monday April 9 at the RDS.