With the latest developments in the cyber security sphere and the fines issued by the EU against the world’s leading companies due to data protection breaches, it begs the question of whether any company can literally afford the fines in the event of noncompliance with the GDPR. What is GDPR? We discuss this question and more in this GDPR Overview with Gold N’ Links Europe CEO Timi Moisis.
12 October, AtoZForex - The legislative changes are aligned with, and to some extent attempt to address, the increasing and pertinent cyber threat that most businesses now face, especially in the financial sector.
GDPR Overview: Interview with Gold N’ Links Europe CEO
In a candid interview with Gold n’ Links Europe, its CEO Timi Moisis highlighted:
“The cyber threat is imminent and real. As of May 25, 2018, the financial services industry is officially on notice. The reality is that most organizations we speak to are staring straight down the watchdog’s barrels. Risk management, compliance, business continuity, disaster management, insurance and cyber security can now no longer be add-ons to an organization’s infrastructure.
They must now be assimilated into operations by design. An organization’s business strategy, risk, legal and cybersecurity strategies must be designed and implemented to provide a holistic approach to the risks and regulatory challenges that the financial sector now faces.
This has created a financial conundrum for the C-suite, especially in an industry of cowboys flooded with get-rich-quick Gen X’s and Gen Y’s. Directors now need to ask themselves if they would rather stare into those shotgun barrels or ride shotgun and stare down the sights as they navigate their organization’s business risks whilst adapting to legislative change in the Cyber world.”
Mr. Moisis also advised that “The challenges which organizations face in regard to the numerous legislative changes will directly affect the nature of businesses - not only in the EU but the greater world at large.”
General Data Protection Regulation: What do you know about it?
GDPR has already been enacted; no further legislative action is required. Its enforcement will commence on the 25th of May 2018. Given the sizable requirements, GDPR will need to be, in our opinion, one of the priorities addressed alongside all the other changes currently competing for your attention.
The overall legislation includes, but is not limited to:
- Permissions (consent) for the specific uses to which the data is put,
- Client requests for information,
- Vulnerability testing,
- Penetration testing,
- Security risk management,
- The requirement of an independent Data Protection Officer (compliance),
- A Cyber security team,
- The obligation to inform the regulator of a breach.
Mr. Moisis explained that GDPR, MiFID II, NIS and upcoming CySEC and Cyprus regulations will change the way in which companies acquire, use, store and manage data. Whilst some EU countries have taken a proactive approach, we have found that both legislators and organizations in the EEA are most certainly going to take a reactive stance. This means that from both a compliance and enforcement standpoint, organizations are treading in murky waters.
Costs of non-compliance
Fines have been expressly specified by the regulator: for certain non-compliances, 2% of global turnover or 10,000,000 euros, and for others 4% of global turnover or 20,000,000 euros, whichever is higher. The Gold n’ Links CEO also said:
“As you can appreciate the call to action is real and the threats are tangible. Cyber security has now been elevated to board level and is now a C-suite issue. Attacks have become more sophisticated and, in our particular experiences, increasingly more common.
The reality is that most companies in the financial services sectors have been hacked and don’t even know it.
Experience has shown that the most effective, efficient and viable solution is to engage industry professionals to identify, to train, manage and assist in the issues that your organization faces.”
Cyber Risk is here to stay
As mentioned, many incidents and developments have taken place in recent years. Specifically, cyber crime is gaining momentum globally, as evidenced by the following statistics:
- “In Q3 2016 alone, 18 million new malware samples were captured” - Panda Labs
- “More than 4,000 ransomware attacks have occurred every day since the beginning of 2016.” - Computer Crime and Intellectual Property Section (CCIPS)
  (That is a 300% increase over 2015, when 1,000 ransomware attacks were seen per day.)
- “The amount of phishing emails containing a form of ransomware grew to 97.25% during Q3 2016, up from 92% in Q1 2016” - PhishMe 2016 Q3 Malware Review
Most notable was the massive global cyber attack of 12 May 2017 that affected 74 countries. In fact, it is the largest ransomware delivery campaign to date. In less than three hours, the cybercriminals had hit victims in 11 countries. Six hours later, more than 45,000 attacks had been reported in 74 countries, and the number continued to grow.
WannaCry blocks access to a computer or its files and demands money to unlock it. The ransomware attack shut down 16 hospitals across the UK after doctors could not access patient files.
There have since been consistent attacks and successful breaches of various types. Moreover, the recent Equifax breach has affected 143 million users.
Your weakest link
To further aggravate matters, a study carried out by the Friedrich-Alexander University (FAU) indicates that 78% of people claim to be aware of the risks of unknown links in emails. And yet they click anyway. Staff need to complement cyber security measures, not be the weakest link in the defense.
Complete Cyber Risk solution
Gold N’ Links Europe provides solutions which cater for your Homeland, Cyber and Insurance requirements in support of your efforts to meet your legal requirements as well as defend your Company from internal and external threats. Our solutions range from Assessment tools, Legislative Compliance, Risk Management, Security Solutions, Risk and Awareness training, 24/7 Security Operations Monitoring and Response Center and Insurance.