Ian Woolley 13 June 2019

How has GDPR Changed the Cybersecurity Playing Field?

Data breaches are still a common occurrence - even now that the General Data Protection Regulation (GDPR) is being enforced. Businesses still have their work cut out to protect their customers' data. What have we learnt from the past 12 months and how can the industry improve moving forward?

2018 was supposed to be a turning point for data privacy. Just over a year ago, GDPR was introduced by the European Union to better protect consumers’ data and urge brands to be more responsible for data privacy and protection.

As businesses rushed to become compliant, it quickly became clear that it was going to be a painful process for data owners who underestimated the scale of the task that GDPR presented.

One year on and most businesses seem confident that they’re compliant – or at least say that they are. However, over the past twelve months, some of the world’s best-known companies have come under fire for poor data practices and significant breaches - despite greater scrutiny of data collection, storage and protection.

Take the American question and answer website, Quora, for instance. CEO Adam D’Angelo revealed user data had been compromised by a third party who gained unauthorised access to one of its systems in November 2018. The hackers stole 100 million users’ names, emails, encrypted passwords and other data that had been imported from social networks. It was a massive reputational crisis and had a profound effect on customer trust.

Quora, however, was not an outlier last year. This was just the tip of the iceberg with many businesses experiencing large scale attacks, including Facebook, Ticketmaster and Vision Direct - further damaging consumer trust in brands across the board.

No business wants to experience a data breach or put their consumers’ Personally Identifiable Information (PII) in jeopardy, but even now, many organisations aren’t doing enough to prevent a data breach or GDPR infringement. So what have we learned in the last year and how can the industry improve moving forward?

Hackers have doubled their efforts to identify weak links

Whilst new regulation has shone a light on data practices and forced businesses to employ new processes, it hasn’t deterred hackers. Over the past six months alone we’ve seen even more cybercrime.

Magecart is one of the better-known groups, generating headline after headline by injecting credit card skimming malware into websites and stealing customers’ payment details - from CVV codes to names and addresses. But don’t be fooled into thinking these hackers just target big e-commerce players. Just this month, the group targeted Forbes’ subscription website, injecting Magecart JavaScript into its checkout page.

For many organisations, the increase in website attacks is a cause for concern and threats are only growing in sophistication - hackers are getting much smarter. Our new research has found that nearly 90 per cent of executives are either concerned or very concerned about the rise of high-profile breaches. Commentators argue that these cybercriminal gangs are developing Artificial Intelligence solutions to infiltrate businesses’ defences at scale. They are right to be concerned as it is certainly something we can expect to see more of in the future.

Many hackers target companies that don’t have fundamental security measures in place. For example, protection can mean overseeing unauthorised third-party technologies that are active on a business’ website. Organisations are having to learn the hard way that they need to have a holistic view of their website supply chain as only then are they able to understand where potential vulnerabilities lie. Businesses’ data defences are ultimately only as strong as the weakest link in their supply chain.

To be secure, businesses must knock down the walls they’ve built 

Websites and apps that come under the care of marketing teams can present a blind spot for IT and security teams, as their core focus is traditionally on servers and infrastructure. However, it’s on these marketing platforms that consumers entrust their data.

Many companies have fallen short on security due to this confusion around ownership and lack of visibility of the website supply chain. This is something Ticketmaster found out during a breach last year, where hackers targeted third-party vendors and injected malicious JavaScript code on the payment page. So common is this threat that we recently found that 79.5 per cent of executives recognise that integrating third-party technologies into a website increases the risk of data leakage.

Organisations are starting to understand the grave implications of not having this overarching view, but there is more work to be done. Upskilling and creating hybrid teams are key to ensuring that this holistic view of security is possible.

Without web defences, businesses are fighting a losing battle

One year on and we’re still banging the same drum but it’s essential that organisations listen and take action when it comes to website security. The only way businesses can mitigate the risk of a breach is by doing thorough due diligence and implementing the right precautions - from selecting a good team to investing in technology solutions.

The scale of threats across the landscape is a clear sign of what companies are risking by not doing so. AV-TEST Institute reported that 856 million malware variants were created last year alone and this will rise in the months to come.

Ultimately, it won’t take long for cybercriminals to identify the shortfalls of a digital platform, particularly one where businesses have not demanded rigorous security systems be implemented and consistently updated.

GDPR has exposed issues that many companies were not even aware of - and other EU laws such as the second Payment Services Directive (PSD2) will likely bring further revelations. This, in the long term, is a good thing for data owners and also their customers.

It is companies who are the gatekeepers of customer data and this responsibility needs to be more widely accepted to prevent hacks and align teams to mitigate risk. Those that don’t will become the next data breach victims and face more consequences than just a hefty fine. 
