Eskenzi PR Eskenzi PR
  • About Us
Friday, 23 April, 2021
IT Security Guru
Eskenzi PR
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

72 hours and counting: The role of AI in GDPR

by The Gurus
January 22, 2018
in Editor's News
Share on FacebookShare on Twitter

Written By  John Titmus, Director, EMEA – Sales Engineering, CrowdStrike

The need to be GDPR-ready may be attention-grabbing right now, but turn this on its head; would you rather be compliant or protected against breaches? If you more concerned about compliance without understanding the role of security and protection, you may face the ticking of the breach notification clock – 72 hours and counting and the related penalties associated . 

 

Compliance does not equal protection

Fear can be a positive emotion, preventing us from straying into dangerous situations, but it can also be crippling – stopping us from pursuing the correct course of action when required. With the looming GDPR deadline, are businesses seeing compliance as a tick box only activity, or should they be seeing the new regulations as an opportunity to improve their defences against an unprecedented rise in cyberattacks?

A ‘tick box’ mentality might help achieve compliance within the requirements of GDPR, but there is much more that they can do to abide by its spirit. What does that tick in the box really mean? When can you start to celebrate? The truth of the matter is, you are only compliant for that brief moment in time.

Businesses need to demonstrate more than mere compliance: they need to show that they are sophisticated enough to deal with any breach that occurs, and have the right processes in place to minimise the damage and effectively report the extent of the breach. Stating you were compliant when a breach happened doesn’t protect your organisation or your customer data.

 

Beyond compliance

One of the most high-profile recent breaches – targeting Equifax – highlighted the reputational damage that delayed breach notifications can cause. Under GDPR, any delay will come with a hefty financial cost. The penalties for non-compliance with GDPR are well-known – a fine of up to 4% of revenue or €20m, whichever is the greater. An organisation can still be compliant yet suffer serious financial and reputational consequences from a breach that goes undetected. It’s therefore incumbent upon any organisation to ensure they are not only compliant, but always prepared for any breach. And the only way to build the right defences is to take the focus away from the breach and re-direct it to stopping the malware and demonstrating that you have mature processes in place to help detect, prevent and respond.

 

The Role of AI in GDPR

The key to defeating cyber attackers is to master huge volumes of data about threats in real time; and this simply isn’t possible without the use of AI due to the volumes of data that need to be processed. To give you an idea of the scale of the analysis, CrowdStrike collects and analyses around 67 billion events every single day. AI is used to access and contextualise all this data in under five seconds providing a real-time view of current threats, organisations need to be protected from.

The real essence of GDPR lies in the ability to demonstrate maturity from both a technical and process perspective, to be able to deal with a breach, should it occur. Harnessing technologies that use automation to operationalise data and artificial intelligence (AI) will make a big impact and also help to approach GDPR with a proactive ‘stopping malware’ mind-set.

AI can provide the ability to scale, provide visibility and therefore protect us at speed, as time can be the enemy. Used intelligently, AI enables us to see what’s happening in the world at any given moment, and to interrogate data to identify indicators of attack (predictive methods) as well as indicators of compromise. When combined with machine learning, it’s an incredibly powerful capability in the fight against hackers; constantly collecting, analysing and adapting security algorithms. Without the ability to understand if there are indicators of compromise in real-time, you will never be able to establish IT hygiene and, more importantly, have a security posture that is ready to face any future threats.

 

From compliance to security hygiene

Organisations also need to invest in processes to protect data and identify how that data is being accessed. Early warning systems that detect intrusions by external threat actors or insiders trying to gain unlawful access are key – but so are established guidelines for how to respond to a breach, such as isolating infected devices, remediating the estate, and working with legal and PR to formulate the right public response.

Preventative measures are also a fundamental part of the approach. With the rise in IoT, organisations should question which devices are WiFi-enabled and if they really need to be connected. Simple measures like this can ensure that they minimise the chance that they are compromised or become vectors for an attack.

We see this as ‘security hygiene’; a posture that focuses on cross-organisational measures to combat breaches, rather than a narrow focus on point security such as AV or endpoint protection.

 

Conclusion

Organisations should not fear the 72-hour deadline for breach notification but use this as an opportunity to review their existing processes and security. Achieving this target might mean that an organisation protects itself from huge fines mandated under GDPR, but it also provides the opportunity to make those updates to their technology and processes that may be overdue; being able to discover indicators of attack in real-time and prevent a breach. This might sound like another impossible requirement to add to the already stringent demands of the GDPR, but in fact the right tools and processes, can achieve this easily.

Don’t let fear be your motivation for achieving GDPR compliance. Instead, focus on how your business can give itself – and its customers – the best protection possible.

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: aiCybergdprsecuritytech
ShareTweetShare
Previous Post

Learning to live left of breach

Next Post

Bomgar Enables GDPR Compliance for Privileged Users

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

messaging apps - signal

Signal CEO hacks mobile-hacking firm

April 22, 2021
New UK laws to protect IoT devices amid sales surge

New UK laws to protect IoT devices amid sales surge

April 22, 2021
edgescan logo

PRODUCT REVIEW – Edgescan makes fullstack vulnerability management easy

April 21, 2021
The clubhouse app

Armis and UK’s Eseye partner to secure connected devices on any cellular network

April 20, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept