Article

Ian Woolley
Ian Woolley 13 June 2019

How has GDPR Changed the Cybersecurity Playing Field?

Data breaches are still a common occurrence - even since the General Data Protection Regulation (GDPR) was enforced. Businesses still have their work cut out to protect their customers' data. What have we learnt from the past 12 months and how can the industry improve moving forward?

2018 was supposed to be a turning point for data privacy. Just over a year ago, GDPR was introduced by the European Union to better protect consumers’ data and urge brands to be more responsible for data privacy and protection.

As businesses rushed to become compliant, it quickly became clear that it was going to be a painful process for data owners who underestimated the scale of the task that GDPR presented.

One year on and most businesses seem confident that they’re compliant – or at least say that they are. However, over the past twelve months, some of the world’s best-known companies have come under fire for poor data practices and significant breaches - regardless of more scrutiny on data collection, storage and protection.

Take the American question and answer website, Quora, for instance. CEO Adam D’Angelo revealed user data had been compromised by a third party who gained unauthorised access to one of its systems in November 2018. The hackers stole 100 million users’ names, emails, encrypted passwords and other data from social networks that were imported. It was a massive reputational crisis and had a profound effect on customer trust.

Quora, however, was not an outlier last year. This was just the tip of the iceberg with many businesses experiencing large scale attacks, including Facebook, Ticketmaster and Vision Direct - further damaging consumer trust in brands across the board.

No business wants to experience a data breach or put their consumers’ Personally Identifiable Information (PII) in jeopardy, but even now, many organisations aren’t doing enough to prevent a data breach or GDPR infringement. So what have we learned in the last year and how can the industry improve moving forward?

Hackers have doubled their efforts to identify weak links

Whilst new regulation has shone a light on data practices and forced businesses to employ new processes, it hasn’t deterred hackers. Over the past six months alone we’ve seen even more cybercrime.

Magecart is one of the better-known groups, generating headline after headline by injecting credit card skimming malware into websites and stealing customers’ payment details - from CVV codes to names and addresses. But don’t be fooled into thinking these hackers just target big e-commerce players. Just this month, the group targeted Forbes’ subscription website, injecting the site with a Magecart JavaScript on their checkout page.

For many organisations, the increase in website attacks is a cause for concern and threats are only growing in sophistication - hackers are getting much smarter. Our new research has found that nearly 90 per cent of executives are either concerned or very concerned about the rise of high-profile breaches. Commentators argue that these cybercriminal gangs are developing Artificial Intelligence solutions to infiltrate businesses’ defences at scale. They are right to be concerned as it is certainly something we can expect to see more of in the future.

Many hackers target companies that don’t have fundamental security measures in place. For example, protection can mean overseeing unauthorised third-party technologies that are active on a business’ website. Organisations are having to learn the hard way that they need to have a holistic view of their website supply chain as only then are they able to understand where potential vulnerabilities lie. Businesses’ data defences are ultimately only as strong as the weakest link in their supply chain.

To be secure, businesses must knock down the walls they’ve built 

Websites and apps that come under the care of marketing teams can present a blind spot for IT and security teams, as their core focus is traditionally on servers and infrastructure. However, it’s on these marketing platforms that consumers entrust their data.

Many companies have fallen short on security due to this confusion around ownership and lack of visibility of the website supply chain. This is something Ticketmaster found out during a breach last year, where hackers targeted third-party vendors and injected malicious JavaScript code on the payment page. Such is the commonality of this threat, we recently found that 79.5 per cent of executives recognise that integrating third-party technologies into a website increases the risk of data leakage.

Organisations are starting to understand the grave implications of not having this overarching view, but there is more work to be done. Upskilling and creating hybrid teams are key to ensuring that this holistic view of security is possible.

Without web defences, businesses are fighting a losing battle

One year on and we’re still banging the same drum but it’s essential that organisations listen and take action when it comes to website security. The only way businesses can mitigate the risk of a breach is by doing thorough due diligence and implementing the right precautions - from selecting a good team to investing in technology solutions.

The scale of threats across the landscape is a clear and obvious sign of what companies are risking by not doing so. AV-TEST Institute reported that 856 million malware variants were created just last year alone and this will rise in the months to come.

Ultimately, it won’t take long for cybercriminals to identify the shortfalls of a digital platform, particularly one where businesses have not demanded rigorous security systems be implemented and consistently updated.

GDPR has exposed the issues that many companies were not even aware of - and other EU laws such as the second payment services directive (PSD2) will likely uncover even further revelations. This, in the long term, is a good thing for data owners and also their customers.

It is companies who are the gatekeepers of customer data and this responsibility needs to be more widely accepted to prevent hacks and align teams to mitigate risk. Those that don’t will become the next data breach victims and face more consequences than just a hefty fine. 

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
How to Collaborate With UGC Creators?

How to Collaborate With UGC Creators?

Learn how to boost your brand through UGC creator collaborations: define goals, identify and engage with creators, offer incentives, and measure success for long-term partnerships.

Shivam Rawat
Shivam Rawat 28 February 2024
Read more
Adapting B2B Digital Marketing for the Modern Buyer Journey

Adapting B2B Digital Marketing for the Modern Buyer Journey

Digital marketing also allows for precise tracking and measurement of marketing efforts, enabling data-driven decision-making and optimization. In an increasingly competitive B2B landscape, a well-executed digital...

Ghia Marnewick
Ghia Marnewick 21 February 2024
Read more
How To Be the Best Marketer in 2024: Traits According to Your Star Sign

How To Be the Best Marketer in 2024: Traits According to Your Star Sign

Have you ever wondered how your astrological sign might influence your marketing approach?

Jen Macdonald
Jen Macdonald 16 February 2024
Read more
7 Reasons Why Social Media Marketing is Important For Your Business

7 Reasons Why Social Media Marketing is Important For Your Business

In the past two decades social media has become a crucial tool for marketers, enabling businesses to connect with potential customers. If your business has yet to embrace social media and you want to know why it is...

Sharron Nelson
Sharron Nelson 29 February 2024
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

Whether you're a startup or an established business, the company website is an essential element of your digital marketing strategy. The most effective sites are continually nurtured and developed in line with...

Digital Doughnut Contributor
Digital Doughnut Contributor 7 January 2020
Read more