Data Backup Digest

It seems to be a regular occurrence that another company has had their data breached. Customer data exposed, internal emails leaked, corporate documents unleashed. In a world full of data, it seems like something needs to be done to help protect businesses and consumers from losing their privacy. Are governments the right groups to help combat this?

It’s predicted that the federal cybersecurity market in the U.S. alone will grow from $18 billion to $22 billion from 2017 to 2022. It’s clear there’s a demand for businesses to protect their data – and rightly so, since breaches are becoming increasingly common. If you’ve ever found out that your information has been compromised after signing up to a service, you know the feeling. But consider how many times that data has attacks attempted on it.

Endpoint network security has come in favour over perimeter, but even that’s not good enough to cater for the data threats many are faced with today. The problem isn’t so much that hacks have become more advanced, although that too is true, but also because of the internet of things. So many of our devices are now storing data and connected to the internet which, cycle back five or ten years ago, they never used to do.

Take a company like D-Link, for example, who produce IP cameras, baby monitors, routers, and more. Products designed to hook into home networks. Their advertising seemed to make it clear that they cared about the security of these products. But a suit by the Federal Trade Commission found otherwise; not only were their claims false, but they also failed to take simple steps to combat well-known and preventable flaws.

Governments are attempting to step in and force businesses to rethink security. The EU General Data Protection Regulation is one such example, a scheme which aims to create a single security, retention and governance legislation across all member countries. According to the EU, it’s the most important change to data privacy regulation in two decades.

Any business that processes data of people in the EU, no matter where the business itself is located, must comply with this. And they only have until May 2018 to put this into effect. Failing to do so will result in a 4 percent revenue or €20 million fine – whichever is bigger.

What exactly does this regulation ensure? It requires more oversight on where sensitive data is stored. Many businesses will need to appoint a data privacy officer who reports to a regional authority, to ensure that data is stored as securely as possible. EU residents secure new rights, like the ability to have their data completely wiped and to be notified within 72 hours if their data has been breached.

The Global Databerg Report has found that 54 percent of businesses aren’t ready for this to take effect or haven’t advanced their plans. The thing is, these businesses care about data security – it’s their reputation on the line. But it requires them to rethink their infrastructure and processes; they might lose visibility of their data or it might be too fragmented. Some will need to overhaul.

Nevertheless, this seems like a good and worthwhile thing to do. Data security needs an overhaul, for the protection of everyone, and strict legislations like the one imposed by the EU will force businesses to keep things safe.