Do you know where Personally Identifiable Data is hiding?
I am sure most business people have come across the GDPR challenges of 2018, in particular now that the new legislation is in force. The ambiguity in how to ensure compliance, and the investment needed to meet the requirements, can be astronomical.
The legislation, however, only touches on a fraction of the Personal Identification Data (hereafter PID) challenges in its attempt to give consumers back control of their PID. As we have seen in many other areas, changing legislation does not educate, equip or enable companies to comply, and the consequences of non-compliance can be substantial.
We have all heard of multiple breach stories, including:
- Aadhaar, with a data breach believed to have compromised the personal information of all 1.1 billion citizens registered in India.
- Facebook and Cambridge Analytica, with at least 87 million records exposed (though likely many more).
- Under Armour, where upwards of 150 million MyFitnessPal users are believed to have had their information compromised in a data breach.
These are just a few 2018 examples; many more could be added to the list, but that is beyond the purpose of this post.
Interesting facts when it comes to threats:
“EXTERNAL THREAT IS ONLY 35% OF THE PROBLEM”
64% of business owners reported that negligent insiders are the root of most data breaches.
It takes an average of over two months to contain an insider threat. Only 16% were contained within 30 days.
Since 2016, the average number of incidents involving negligent employees and contractors has increased by 26%, and by 53% for criminal and malicious insiders.
The average number of credential theft incidents has more than doubled over the past two years, increasing by 170%.
COMMON EMPLOYEE ERRORS THAT LEAD TO DATA BREACHES
- Falling for a phishing scam. 30% of phishing messages were opened and 13% of recipients went on to click the malicious link.
- Losing a laptop. 39% go missing from the work area and 34% from a vehicle. (A login password won't save you: without full-disk encryption the drive can simply be read from another machine.)
- Unauthorised access. Information theft can occur when employees have access they do not need, or access that is not revoked when they leave the organisation.
- Procedural failure. Almost 50% of organisations cite 'human error' or 'lack of knowledge' around information security, which often results in sensitive information being sent to the wrong person.
- Passwords. A Verizon report showed that 63% of breaches involved weak, stolen or default passwords.
IMPLICATIONS OF THE LEGISLATION
- Applies to ALL businesses handling the PID of EU residents, wherever the business is located.
- Penalties for non-compliance can reach €20M or 4% of global annual turnover, whichever is higher.
- Critical data can easily leak through documents and emails, posing a threat to regulatory compliance and business success.
- Data Protection Impact Assessments (DPIAs) are required for high-risk processing, to show that a company has considered the implications.
Going beyond the legislation and addressing other risks:
- Business Critical Information
- Internal Compliance (GDPR)
- Payment Card Information
- Behaviour Analytics
- Security Violations
- Fraud Detection
Nexus International and DDC-AS have entered into a strategic partnership to address these issues. The partnership delivers a joint solution covering all of the risks mentioned above, through a hybrid approach of consulting and software. Contact us to learn more and book a demo.