Uber Hack Means No Time to Waste When it Comes to GDPR Prep
It’s tough to see the timing of the recent Uber attack as ‘lucky,’ but the General Data Protection Regulation (GDPR) to take effect in May will increase the price tag of hacks like these by more than a few million euros.
When the EU General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, organizations will have just 72 hours to report detected breaches to the relevant authorities. Failure to do so could result in a significant fine of up to €20 million or 4 percent of total annual sales, whichever is greater.
In reality, enterprises that do business with EU citizens have 6 months to come up with a real attack remediation strategy, but data shows that this investment isn’t happening. With companies spending 50 times more budget on the prevention of cyber attacks than on remediation, and the volume of successful breaches increasing, it’s only a matter of time.
Nearly All Global Enterprises Potentially Affected
What does this mean for the enterprise? The UK business media outlet Campaign puts the additional cost of the recent Uber hack at the €20m point. According to cyber law barrister Dean Armstrong, it isn’t just EU-based enterprises that are at risk but any global company that does business with EU citizens.
“The regulations will apply to any EU citizen’s data. Assuming that at least some of the 50 million records hacked were of EU citizens, then under the new rules GDPR would potentially see Uber punished under EU regulation,” says Armstrong.
At this point, any enterprise that does business with the EU should be prepared to effectively detect breaches, and then understand what has been affected. The Mandiant M-Trends 2017 report currently puts the median number of days that attackers were present on a victim’s network before being discovered at 99 days.
If an organization is currently only detecting at 99 days, they will need to take a two-part approach to:
• Actively reduce breach-detection time
• Ensure improved visibility into hacker activity during this time
Why Network Teams are Key to Breach Detection
Network teams can play an instrumental role in improving detection of abnormal traffic through:
• Maintaining reports of normal IP spreads
• Understanding typical network and application behavior
• Developing benchmarks for expected application response times and traffic volumes
Understanding what is normal network behavior makes flagging anomalous activities easier, while having access to the right data can help exonerate organizations in court.
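The baselining idea above, as an added example that is not part of the original article or any VIAVI product: it learns each host's usual destination IPs and a traffic-volume benchmark from a baseline window, then flags flows that fall outside them. The flow records, host name, IP addresses and the threshold k are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow summaries: (interval, source host, destination IP, bytes sent).
BASELINE = [
    (0, "app01", "10.0.5.20", 48_000), (1, "app01", "10.0.5.20", 52_000),
    (2, "app01", "10.0.5.21", 50_000), (3, "app01", "10.0.5.20", 47_000),
    (4, "app01", "10.0.5.21", 51_000), (5, "app01", "10.0.5.20", 49_000),
]
OBSERVED = [
    (6, "app01", "10.0.5.20", 50_500),     # matches the baseline
    (7, "app01", "203.0.113.77", 49_000),  # destination never seen before
    (8, "app01", "10.0.5.21", 900_000),    # volume far above the benchmark
]

def build_baseline(flows):
    """Per source: usual destinations plus median and MAD of bytes per interval."""
    dests, volumes = defaultdict(set), defaultdict(list)
    for _, src, dst, nbytes in flows:
        dests[src].add(dst)
        volumes[src].append(nbytes)
    profile = {}
    for src, vals in volumes.items():
        med = median(vals)
        # Median absolute deviation is robust to a few odd intervals in the baseline.
        mad = median(abs(v - med) for v in vals) or 1  # avoid a zero-width band
        profile[src] = {"dests": dests[src], "median": med, "mad": mad}
    return profile

def flag_anomalies(profile, flows, k=6):
    """Return (interval, source, reason) for flows outside the learned baseline."""
    alerts = []
    for interval, src, dst, nbytes in flows:
        p = profile.get(src)
        if p is None:
            alerts.append((interval, src, "no baseline for source"))
            continue
        if dst not in p["dests"]:
            alerts.append((interval, src, f"new destination {dst}"))
        if abs(nbytes - p["median"]) > k * p["mad"]:
            alerts.append((interval, src, f"volume {nbytes} outside benchmark"))
    return alerts

if __name__ == "__main__":
    for alert in flag_anomalies(build_baseline(BASELINE), OBSERVED):
        print(alert)
```

In practice the baseline window would cover days or weeks of traffic and be rebuilt periodically, so that legitimate changes in behavior do not keep raising alerts.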
More Focus on Remediation is Critical
Additionally, IT teams need to investigate and reconstruct security breaches to identify attack details and compromised resources. Security tools are typically not going to have the granular data needed to fully piece together what happened when a breach occurs.
Even network monitoring tools are not going to have that data unless they are packet-based (rather than just collecting metadata) and feature robust storage with their analytics. The VIAVI Observer network performance management platform with GigaStor does have the capability to bridge that gap.
All the analytics are derived from packet data. With days, weeks, even potentially months of traffic captured, large enterprises can “rewind” to the time of the attack and verify what (if anything) on the network has been compromised. That evidence can be used by the security team and network team alike. If the worst should occur and an attack gets past the prevention effort of intrusion detection, then there is still hope.
Paying off hackers is not the solution to the problem. With the right security and monitoring solution in place, enterprises, their customers, and their stockholders can rest (a little bit) easier.
Learn more about GDPR compliance for your organization in this helpful on-demand webinar, GDPR Boot Camp.