While GDPR has been important in making sure that companies look after customer’s data it is providing an opportunity for cyber criminals to further their own agenda.
BlackBerry has found a new trend in the last couple of years with ransomware groups using GDPR to their advantage, threatening to alert data regulators to the fact that victims had been breached, adding additional pressure on the targets to cave to their demands.
Adam Bangle, Vice President EMEA at BlackBerry said that two years ago, few could have predicted that a regulation put in place to make data safer could turn into a tool for blackmail.
“Cyber criminals are taking advantage of the knowledge that companies will face hefty fines if it is discovered they have an unreported data breach. In some cases, paying the ransom might seem an easier and cheaper way to resolve the issue – and that’s what the attackers are counting on”, he said.
Ransomware tactics are infinitely flexible – constantly evolving and adapting to changing circumstances. It is hard to predict what threat actors will pull next from their bag of tricks which is why it is critical to ensure that incidents are dealt with swiftly, transparently, and in accordance with local data regulators and laws. The last thing you need in these situations is to face considerable cost and reputational damage due to poor incident handling, Bangle said.
“As we step into the third year of GDPR, it is more imperative than ever that companies and institutions around the world continue improving and evolving their data handling mechanisms by making secure backups regularly. One thing is for sure, deploying robust data protection sooner rather than later will save organisations time, money and their reputations”, Bangle said.