September 30, 2019

GDPR Fines: Why Companies Are Changing Their Cybersecurity Strategy



With the recent GDPR fines levied on British Airways, companies are becoming keenly aware of the impact this data privacy regulation could have on their business. Learn how some are rethinking their approach—and how ARIA Cybersecurity Solutions can help.

In case you missed it, British Airways has become the latest company to feel the impact of the GDPR regulation, to the tune of $230 million in GDPR fines. In a recent blog we discussed the magnitude of the announcement—the largest fine since the GDPR regulations were announced was sure to force organizations to sit up and take notice—and act to shore up their own security.

There is no question many companies are rethinking security roles and approaches now that the GDPR regulations have made their presence known and felt. Let’s look at what’s changed—and what’s changing—as companies begin to understand what GDPR compliance means.

 

From the security office to the boardroom

Not long ago if you asked a company’s board of investors to explain what GDPR is, or what the company is doing to comply, they would fumble for the right answers. That’s likely going to change as the fines leveled on British Airways and Marriott ($123 million) have all but guaranteed that investors and shareholders will want to know what companies are doing to protect their investment. Privacy, data security, and data protection will be discussed in every boardroom and investor report, and as discussed in a previous blog, these topics will be considered in Moody’s future credit rating evaluations.  We may even see GDPR compliance become a deterrent in M&A actions.

 

Honesty and urgency are the best policy

In the U.S., the states individually control many of the factors related to data breaches, including notification requirements. In many cases those requirements are not yet strict enough to align with GDPR compliance, which means organizations are setting themselves up for a substantial level of risk if they are not thinking beyond state and even federal requirements.

While most states require immediate notification “without unreasonable delay,” this is too loosely defined—in some states that means 45 days, in others as long as 90 days. Too often U.S. companies have been guilty of not reporting data breaches until months after discovery, leaving personal data at risk far longer than GDPR regulations will find acceptable. U.S. companies with global customer bases will need to shore up their policies or find themselves shocked when the EU drops the hammer on them despite their own perceived alignment with state and federal guidelines.

 

Culture of security becomes a priority

While the GDPR fines are large and can have serious financial implications, expect companies to be even more concerned about the long-term implications on brand trust and credibility. As such, many will look to make GDPR compliance a company-wide initiative, empowering employees as the first line of defense and making ongoing security awareness and training mission critical.

The most recent GDPR fines don’t just have the attention of the CIO—they are reverberating throughout the boardroom and impacting organizations top to bottom. Many are realizing the importance of having the right technology partner or security provider, as compliance is a bigger job than many expected.

 

How ARIA Cybersecurity Solutions can help

GDPR regulations and the consequences are intimidating for global organizations, and we understand the challenges in implementing a comprehensive and effective network security and data protection infrastructure—as well as the best way to comply with increasingly difficult, even conflicting federal, state, and industry regulations. While it may be challenging, the right security tools may save the business from the devastating effects of a data breach—and the fines that inevitably result.

Our suite of cybersecurity solutions improves the threat detection and containment capabilities of existing security tools, such as SIEMs or SOARs, by providing better internal network-based visibility on suspicious conversations.  For example, our Myricom smartNICs and Secure Intelligent Adapters and ARIA SDS Packet Intelligence application can not only monitor, but capture all network activity, providing complete visibility into the entire internal network, including east-west traffic, and directing all or specified Netflow data to existing security tools. 

This lets these threat detection tools identify and contain more network-borne threats in real time. As a result, remediation and investigation can occur before a cyberattack turns into a breach that affects consumers.

Additionally, our incident response and breach notification solutions help InfoSec teams meet even the toughest regulatory compliance requirements in several critical ways: 

  • Speeding up all stages of incident response.
  • Completing breach investigations in mere hours, not days, weeks, or months after the fact.
  • Pinpointing the impacted devices and immediately and automatically taking direction from existing tools, including SOARs, to shut down communications between only those devices.
  • Providing detailed reporting on the exact PII records impacted, if any, and demonstrating proof that data is encrypted.

 Not only does this help improve any company’s security posture, but it delivers the proof needed for regulatory compliance.

To learn more about ARIA Cybersecurity Solutions, and how we can help overcome traditional security challenges and ensure compliance, please visit www.ariacybersecurity.com

 

About ARIA Cybersecurity Solutions 

ARIA Cybersecurity Solutions recognizes that better, stronger, more effective cybersecurity starts with a smarter approach. Our solutions provide new ways to monitor all internal network traffic, while capturing and feeding the right data to existing security tools to improve threat detection and surgically disrupt intrusions. Customers in a range of industries rely on our solutions each and every day to accelerate incident response, automate breach detection, and protect their most critical assets and applications. With a proven track record supporting the Department of Defense and many intelligence agencies in their war on terror, and an award-winning portfolio of security solutions, ARIA Cybersecurity Solutions is committed to leading the way in cybersecurity success. 

Tags: data breach, gdpr, cybersecurity