In the movie The Matrix, there is a scene where Agent Smith has Neo by the neck as a train approaches. The dialogue that comes next is genius: "You hear that Mr Anderson? That is the sound of inevitability." In the movie, Neo is able to escape the charging train, but for many organisations that might not be the case due to two inevitabilities: cyber attacks and the EU's General Data Protection Regulation (GDPR). In the last two months, the world has experienced two major cyber attacks and the realisation that GDPR compliance is less than a year away. So, the question remains: "What can organisations do to prepare for the inevitable?"
Whether an organisation is dealing with cyber attacks or GDPR compliance, success (or failure) comes down to preparation. Before you run off and start thinking about a whole mess of shiny new security technology you should buy, take a step back and look at the most important asset: your data. Unless organisations protect their data, all the security in the world doesn't really matter. Whether it's WannaCry, NotPetya, or answering a request from a data subject to invoke the right to erasure, you need to have a handle on your data.
Meeting the latest compliance regulations and responding to cyber attacks both require nearly the same level of preparation and planning. Organisations need to first understand exactly where their data lives — including data in cloud applications and on mobile devices — in order to visualise the full scope of their data attack surface.
Once an organisation understands this, two things happen. First, they gain a more comprehensive level of visibility into their responsibilities under various compliance regulations, such as GDPR. Second, they gain an understanding of the proportionate security controls required to protect that data.
Understanding how your security controls protect your data brings you that much closer to complying with certain GDPR articles, for example:
Proper preparation requires using a combination of technology and process to recover from cyber attacks and/or be in compliance with GDPR. While there are no magic bullets and no one vendor product will solve all problems, many of the security controls required by GDPR will also be tremendously helpful in protecting corporate data from cyber attacks like ransomware. Softcat and Druva help organisations utilise technology to recover from disruptive cyber attacks, recover from breaches, and prepare for GDPR.
On July 18 at 10 a.m. Softcat and Druva will present a webinar on "Expecting the Inevitable" where we will discuss how to securely protect endpoints and cloud applications, as well as how to manage PII in line with data governance and GDPR. A recording of this webinar is available here.