The Sound of Inevitability: Cyber Attacks and GDPR

Posted on Monday, July 17, 2017
By Andrew Nielsen
Chief Trust Officer, Druva


In the movie The Matrix, there is a scene where Agent Smith has Neo by the neck as a train approaches. The dialogue that comes next is genius: "You hear that Mr Anderson? That is the sound of inevitability." In the movie, Neo is able to escape the charging train, but for many organisations that might not be the case due to two inevitabilities: cyber attacks and the EU's General Data Protection Regulation (GDPR). In the last two months, the world has experienced two major cyber attacks and the realisation that GDPR compliance is less than a year away. So, the question remains: "What can organisations do to prepare for the inevitable?"

No Preparation = No Recovery

Whether an organisation is dealing with cyber attacks or GDPR compliance, success (or failure) comes down to preparation. Before you run off and start thinking about a whole mess of shiny new security technology you should buy, take a step back and look at the most important asset: your data. Unless organisations protect their data, all the security in the world doesn't really matter. Whether it's WannaCry, NotPetya, or answering a request from a data subject to invoke the right to erasure, you need to have a handle on your data.

Preparing for the Inevitable

Meeting the latest compliance regulations and responding to cyber attacks both require nearly the same level of preparation and planning. Organisations need to first understand exactly where their data lives — including data in cloud applications and on mobile devices — in order to visualise the full scope of their data attack surface.

Once an organisation understands this, two things happen. First, they gain a more comprehensive level of visibility into their responsibilities under various compliance regulations, such as GDPR. Second, they gain an understanding of the proportionate security controls required to protect that data.

Understanding how your security controls protect your data brings you that much closer to complying with certain GDPR articles, for example:

  • To be in compliance with Article 17 of the GDPR, an organisation that is a data controller and utilises cloud services to store EU subject data is required to be able to identify, access, and erase that data when requested to do so by an EU citizen. The proportionate security controls put in place after a thorough review will, in turn, allow companies to comply with Article 25.
  • In addition, Article 30 of the GDPR requires organisations to have an audit log for all data processed in that cloud application.

Proper Preparation Required

Proper preparation requires using a combination of technology and process to recover from cyber attacks and/or be in compliance with GDPR. While there are no magic bullets and no one vendor product will solve all problems, many of the security controls required by GDPR will also be tremendously helpful in protecting corporate data from cyber attacks like ransomware. Softcat and Druva help organisations utilise technology to recover from disruptive cyber attacks, recover from breaches, and prepare for GDPR.

On July 18 at 10 a.m. Softcat and Druva will present a webinar, "Expecting the Inevitable", where we will discuss how to securely protect endpoints and cloud applications, as well as how to manage PII in line with data governance and GDPR. A recording of this webinar is available here.

Find out more

Head to our GDPR hub to learn how Softcat can help you on your journey to compliance. Alternatively, speak with your Softcat account manager or get in touch using the button below.

Get in touch
