Almost two years ago, the European Union signed the General Data Protection Regulation (better known as the GDPR) into law, allowing for a 24 month period before the regulation would become binding to allow organisations and businesses time to comply with its requirements. At the time of writing, the GDPR will come into force in just eight days, a thought which may strike fear into the hearts of many business owners who are not going to be fully compliant by the deadline. So what exactly is going to happen, come Friday the 25th of May? We’ve taken the time to compile some information and predictions to help cut through the noise and focus on what’s important.
We’ve all seen the headlines when a large multi-national corporation suffers a data breach, but are small businesses able to ‘fly under the radar’ for cyber crime? Well, according to Verizon’s annual data breach incident report, the opposite may be the case. While large organisations make headlines, the report found that 58% of data breaches actually occurred in small and medium-sized companies.
“Many small businesses don’t have the resources focused on security and training, and employees are not cognizant of being at risk,” according to the Vice President of Experian Data Breach Resolution, Michael Bruemmer. “Some of these businesses, especially startups, may have no or small revenue, but they may be processing credit cards or holding personal data for other companies, and they don’t realize they have to protect it.”
Half of all cyber attacks are currently believed to target small businesses (Source: Verizon Annual Data Breach Report)
It’s been a bad year for Facebook so far. They recently revealed that they may have improperly shared the details of 87 million users with a third-party, the now-infamous political consulting firm Cambridge Analytica. Then, on Wednesday, Mark Zuckerberg himself admitted during a press conference that “malicious actors” may have took advantage of Facebook to obtain the public data of all or most of Facebook’s 2.2 billion strong user base.
Social Engineering is becoming a larger problem for businesses and consumers alike over the past years. So what does it mean if cyber criminals have access to your public data?
An Post has admitted to a data breach which resulted in the data of up to 8,000 customers being provided to a third party without their knowledge or consent. The breach took place between April 2016 and September 2017, and involves the data of customers who used An Post’s online mail redirection service. An Post discovered that it had inadvertently shared these details with a Dublin-based marketing firm, Precision Marketing Information Ltd, who updated users’ details with companies they had previously done business with.
Up to 8,000 customers’ data was sent to a third party marketing company, allowing businesses that had previously contacted them to market to them at their new addresses
Trend Micro, one of the largest cyber security firms in the world, has released their annual security roundup report, and the results show some alarming trends. With the GDPR upcoming, cyber criminals have been refining their techniques in order to increase their financial gains, moving away from exploit kits which can be an unpredictable earner, to more reliable tactics such as business email compromise, phishing and spam, ransomware, and the relatively new threat to businesses, malicious crypto-currency mining.