Cyber risk has many faces, but the possibility of damaging an organization is a constant in all cyber-attack variations. If personal data is exposed, this not only puts the organization’s reputation at stake but can also harm the individuals whose data was compromised. This is one of the key reasons the European Union created a new regulation to counteract cyber-attacks, ultimately placing responsibility on the company.
On April 27, 2016, the General Data Protection Regulation (GDPR) was implemented in the EU data protection framework. This May, the policy goes into effect with the goal of protecting data with unprecedented measures.
“If an organization can’t demonstrate that good data protection is a cornerstone of their business policy and practices, they’re leaving themselves open to enforcement action that can damage their public reputation and possibly their bank balance,” noted Elizabeth Denham, UK Information Commissioner.
With this vigilant focus, data security is finding itself at the forefront of the strategy conversation in 2018 – especially with the risk of hefty fines.
GDPR and incoming files
According to Recital 15 in the EU GDPR regulation, GDPR applies to all “personal data contained or intended to be contained in a filing system.” This broad definition includes all structured files, and it exposes organizations to risk that some of them might not be aware of. It also includes incoming files, which are stored in the organization’s filing system and are the main method of communication between the external world and the organization: emails, email attachments, removable media, web downloads, file sharing and more.
Incoming files could very well contain malicious attacks, and they become part of the organization’s filing system.
What is even worse, some of these attacks remain unknown to the organization until it is too late and the damage is done.
Why most organizations don’t comply with GDPR
There are two types of security threats: known and unknown. Unknown threats are tricky. These attacks, also referred to as zero-day, come out of nowhere and can take months, even years, to remedy. Organizations do their best to prepare, but most of the common security practices are insufficient. Gartner stated that “security protection using signature-based blocking and prevention such as antivirus and intrusion prevention systems fail to stop zero-day and targeted attacks.”
The risk is growing. The Kaspersky Security Bulletin predicts that “In 2018, we expect to see advanced threat actors playing to their new strengths, honing their new tools.”
There is only one technology that can fully protect organizations from zero-day: Content Disarm and Reconstruction (CDR) technology.
Adding CDR technology to an organization’s cybersecurity is no longer an option – it is a necessity.
With GDPR as a catalyst, organizations must take a stronger stand. Organizations that ignore the need for CDR do not comply with GDPR and put their data at high risk.
Keeping secure and GDPR compliant
Avoid the risk of high fines and security breaches with Votiro’s patented next-generation CDR technology. Where other solutions stop, Votiro begins. Our award-winning solutions identify and disarm malware from incoming files, and reconstruct them before they reach your premises, leaving original content intact.
Discover how Votiro can secure all your channels of incoming data, keep you safe against zero-day attacks, and make your organization GDPR compliant.