Cyber security in Scotland is an ongoing issue. Our recent cyber security report highlighted that cyber security spending is up though employees are still a main cause for concern. In this blog post, Paul Reynolds discusses the other main issues impacting businesses at the moment - convergence issues and GDPR..
Gaps and cyber security convergence hit the headlines recently when an Asian bank was compromised.
Customised, targeted malware was used to activate dormant SWIFT accounts, generate rouge payment messages and cover up tracks by modifying logging systems. This led to a loss of over $80m making the heist one of the most successful single bank robberies of all time. The questions remaining for the industry: How can we be more effective against these types of attack?
Risk disciplines that help address financial crime such as cybersecurity, anti-fraud, and anti-money laundering (AML) are typically siloed or only tenuously connected. This can leave gaps in the overall threat landscape and response efforts which can leave an organisation vulnerable to attack.
Convergence of these key areas with clearly defined roles and responsibilities will provide a clearer picture of the threat landscape; may increase likelihood of early detection; could avoid duplication of effort; and increase effectiveness of controls and response activities to protect against attacks.
As discussed in an earlier GDPR advice blog post, GDPR is the European commission’s General Data Protection Regulation which is gaining increased focus as the accountability for the security of EU citizen personal and sensitive data increases for organisations, forcing them to ensure adequate controls are in place to protect data.
Failing to comply with the new regulation will see increased sanctions being applied to organisations including regular periodic data protection audits and fines of up to £20,000,000 Euros, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher
GDPR comes into effect in the UK on 25th May 2018 and will come into force despite the UK’s Brexit vote.