The clock is ticking on new data protection regulation that has a myriad of major implications for ill-prepared organisations. GDPR, it seems, is the elephant in the room…
Worms are burrowing into businesses. Trojan horses are galloping through data centres.
In today’s digital Wild West, technological advancement is a double-edged sword.
For health sector businesses seeking to embrace the upsides, it can be the difference between life and death.
For the end-user, the digital revolution is delivering in spades.
But, for the organisations providing the services, it’s a world where risk management is king.
Health, retail, manufacturing, banking, legal, logistics, hospitality, travel, professional services…no matter what the model, the top priority is security.
And – as if the priority list wasn’t long enough already – the enforcement of the EU General Data Protection Regulation is now just 14 months away.
The regulations are an attempt to harmonise the different, often conflicting, data standards across the EU’s member states, and drive down leaks, breaches and hackings.
And the UK leaving the EU doesn’t exempt us from its far-reaching and potentially damaging implications. Bottom line? Failure to abide by its terms can result in a fine of 4 per cent of revenue.
But, despite that, more than half of all UK businesses admit they are not prepared.
Security provision is of course at the heart of any business’s GDPR readiness, but a recent study carried out by converged B2B digital comms and IT services provider Daisy Group found that more than half of businesses are not protecting themselves sufficiently.
And as cyberattacks of one kind or another rise to epidemic levels, that is a high-stakes game with potentially dire consequences.
Daisy’s Security Practice Director Walter Rossi eats, sleeps and breathes the issues.
And he says that disregarding the constant threat of cyberattacks spells almost certain catastrophe.
“For businesses to maximise the opportunities presented to them by digitisation, they have to be always on, connected, protected, and agile,” says Rossi.
“But that same digital revolution has meant that the criminals have got smarter too. They have managed to open up even more entry points through which to steal data and do fatal damage. From competitors to organised crime groups, political activists and even national governments, the threat is everywhere, and it is 24/7. You can’t see them, you don’t know who they are, and you don’t know when they are coming after you. If your infrastructure is not sufficiently protected, it can be critically compromised in just a few clicks. In short, there is nothing more important than security. What’s more, the rule is: once you are attacked, it will happen again. The bad guys know every business is potentially exposed, and there aren’t many businesses that don’t appeal to them. There is always someone finding a way round the protection. The battle between security and the criminals is always ongoing. If you think you don’t need state of the art security, you’re likely to be more exposed to cyber threats than those who recognise its need. However, even buying the most expensive solution there is will not give you 100 per cent security. The reality is that there is no 100 per cent.”
The answer has to be digital business resilience: the ability to allow your customers to consume services they want, with the peace of mind that you have protection, plus a joined-up back-up plan to keep your ‘always on’ promise.
Think: a mix of the right kind of anti-attack provision – managed and monitored by experts – coupled with a tailored and comprehensive business continuity plan to cover all eventualities. Source it all from a single provider that knows your business like their own, and you go a long way towards mitigating effectively against the worst case scenario.
“One of the most severe threats faced by businesses of all sizes is DDOS (Distributed Denial of Service),” says Rossi. “Depending on the level and quality of protection deployed, most are dealt with before they are able to do any damage. But the fall-out might be that a business is kicked off its network for a period of time while the attack is mitigated. Whilst the denial is the most important bit, the resulting impact can also have more serious implications, especially when used as a distraction to compromise or leak company data. To deny an attack AND remain connected and secured is the obvious desired situation. To deny an attack, remain connected and secured, but also have the added safety net of a robust and cost-effective business continuity provision if things don’t go to plan is the nirvana. It’s about deploying the appropriate solution with the intelligence and analysis of modern systems, managed around the clock. Tools such as Advanced Threat Management with correlation of multi-sourced intelligence feeds that can help you protect your business. That type of approach gives us the capability to cut through the noise and provide real protection.”
To crack that technological nut, the best providers work with the best partners. Daisy, for example, collaborate with security industry leaders F5, Arbor and Cisco. Together, they offer digital businesses a unique product: embedded in the network and quietly waging a 24/7 war with cyber threat.
It is the kind of investment that impregnates the network with the intelligence it needs to deal effectively with the threat, whilst simultaneously delivering that gold ‘always on’ standard.
“It’s true end-to-end protection,” says Rossi. “The DISCOVERY of risk based on understanding the customer’s actual exposure; providing the PREVENTION tools to help manage that risk; and then educating in how to react when the risk is exposed. Then it’s about having a RESPONSE plan supported by vigilant monitoring of the network, teamed with incident response, the intelligence of the data analysis, and then the business continuity back-up. All from a single provider, and all on one accurate bill. The archetypal one stop shop. No-one else can deliver that.”
It’s as close to a silver bullet as it gets.
It’s about thinking the same way, and at the same pace, as those plotting against you.
It’s about discovering the full extent of a customer’s online presence – their number of IP addresses, domain names, email accounts etc. – identifying the likely breach points, and correlating device logs with threat advisories issued by vendors and security groups.
And then it’s about silently watching closely, every second of every day. And then thwarting, ruthlessly and cost-effectively.
Put simply: being ahead of (or at least in) the game.
“Businesses crave confidence when it comes to this stuff,” concludes Rossi. “It’s not surprising that they want to entrust it to people with the tools and the systems and the expertise. But they also want to feel the love of an enterprise-class service wrap too. Guess what…security just got exciting. And it’s about time too.”