GDPR: How to Bring Your Incident Response Plan Up to Speed

Written by Intezer


    Every organization that is impacted by the sharing and storage of data is discussing the General Data Protection Regulation (GDPR), a recently announced European regulation designed to protect EU citizens’ private data that goes into effect on May 25, 2018.

    Under GDPR, all organizations must report any data breaches within 72 hours of discovering them. In the event of a cyber incident, they’ll also need to:

    • notify customers by providing a description of the nature of the breach, along with the approximate numbers of data subjects and personal data records involved, and
    • restore availability and access to customers’ personal data in a ‘timely manner’.

    The risk: the new regulation carries with it a heavy sanction of up to €20 million or 4% of annual worldwide turnover, whichever is greater.

    The details above clearly outline why GDPR is such a hot topic right now, and why enterprises are putting a lot of effort and investment toward compliance before May. With such a lofty fine and severe stipulations in the case of a breach, they have no choice; non-compliance could easily lead to financial and reputational ruin.

    The Challenges: Fast Detection & Superior Investigation Capabilities

    With a 72-hour reporting window for any breaches, companies will need to quickly gather information surrounding the nature of the breach as well as its impact.

    Of course, there is a domino effect at play here. The sooner an incident is detected, the lower the likelihood that hackers have stolen data, and if they’re unable to pilfer sensitive materials, then there’s no need to report it. The result? No hefty fine, and the company’s reputation remains spotless.

    Let’s say that a breach was successful, and hackers gained access to data. In this case, a company would need superior investigation capabilities in order to know the actual impact of the breach, which is much easier said than done. Knowing you have been breached is challenging enough, but grasping exactly what has been compromised and if anything was stolen is even more difficult.

    This is why security teams need a clear incident response plan in place, one which enables them to quickly check their alerts and remove false positives or any other ‘noise’, keeping only the relevant alerts that indicate whether data may have been accessed and whether further investigation is needed.

    • If data has been accessed, companies need precise visibility on what has been exposed, and how hackers made it into their system. (For example, if an organization stores millions of pieces of personal data, but only a few were compromised, the fine will be much lighter than in the case of a larger breach.)
    • The next step will be for the security team to respond appropriately, and quickly. Security staff absolutely need to be trained and have clear processes in place for every type of attack scenario, as this will prevent confusion or miscommunication across teams (especially those that are distributed) when time is of the essence. Remediation needs to be swift, and personnel must be decisive. There is very little margin for error in actions taken in response to a breach; mistakes could leave the organization further exposed, or even more vulnerable to future attacks.

    The Solution: Giving Security Teams the Edge

    Having the right detection tools and strong investigation capabilities could mean the difference between suffering a major attack, or preventing one.

    Intezer has developed this type of technology, which security teams can use to protect their organization’s data 24/7. During the detection phase, the Intezer Analyze™ solution helps companies easily analyze files, remove false positives, and know whether an alert is accurate or not. If a security team has Intezer Immune™ in place, any code change will be flagged immediately.

    When investigating files, Intezer’s tools not only locate the attacker but also enable attribution, so teams can respond quickly and remediate any issues, avoiding fines.

    Not only will GDPR require organizations to protect their data and have tools in place to avoid breaches; it also acknowledges the fact that breaches do happen, and that companies must be prepared. By having a protective arsenal from Intezer in place for the rollout of this new regulation, companies can avoid huge fines while minimizing hackers’ damage and maintaining strong reputations, with security teams likely sleeping much better knowing they have unmatched technology behind them.

    Contact us now or request a demo to bring your incident response plan up to speed.

    About Intezer:

    Through its ‘DNA mapping’ approach to code, Intezer provides enterprises with unparalleled threat detection that accelerates incident response and eliminates false positives, while protecting against fileless malware, APTs, code tampering and vulnerable software.
