The General Data Protection Regulation (GDPR) went into effect two years ago. The European Union established strong, common standards for data protection, and ensured that individuals retain control of their personal information. They also introduced serious consequences to enforce those standards, and companies that have failed to comply with GDPR have been hit with significant fines and penalties. This far along, it may seem like there wouldn’t be much to talk about when it comes to GDPR, but maintaining compliance is an ongoing challenge as technology evolves and the issues of data protection and personal privacy continue to be a primary concern.
GDPR—and the need to protect data and privacy in general—will be a central focus of cybersecurity efforts over the next few years, and a primary driver for security teams seeking out more robust cybersecurity solutions. Maintaining compliance with GDPR and taking every precaution to protect sensitive data builds customer confidence and loyalty.
Challenges of GDPR
There are a number of cybersecurity tools and controls that play pivotal roles in achieving and maintaining compliance with GDPR. Encryption protects data from access or compromise by unauthorized individuals. Identity and access management (IDAM) limits access to personal data. Data loss prevention (DLP) tools and policies prevent the exposure or theft of data. These cybersecurity tools contribute to limiting access and avoiding exposure or compromise of data, but the real holy grail for organizations is the ability to quickly detect when an attacker is able to get past these defenses.
GDPR requires that organizations have an incident response plan (IRP). According to GDPR requirements, “In the event of a potential data breach that involves personal information, an organization must notify the Data Protection Authority without undue delay, within 72 hours if feasible, after becoming aware of the breach; and Communicate high-risk breaches to affected data subjects without undue delay.”
Constant Vigilance is Key
The ability to quickly detect attacks that slip through is one of the most important elements of effective cybersecurity. There is no amount of investment in cybersecurity that will prevent 100% of attacks, so you need complete and continuous visibility across your IT estate to catch the attacks that preventive measures miss.
That means around-the-clock monitoring, though, because cyber attackers don’t maintain business hours. Most attacks are conducted using automated scanning and exploits anyway, and when it’s 3 am in your area, it’s still 2 pm somewhere else. The problem is that very few organizations are capable of monitoring their network environment 24/7. The world is facing a shortage of skilled cybersecurity talent, and it is cost-prohibitive for most businesses to hire and retain the expert talent necessary to provide effective monitoring and incident response.
Security is hard and complicated. Organizations typically rely on other sources and providers to know when they are being attacked and how they can respond. This ability—or lack thereof—to respond is a natural compromise in the presence of what they see as the impossible task of making themselves 100% secure.
This is where MDR comes in. Managed detection and response solutions identify active threats across an organization and then respond to eliminate, investigate, or contain them. Today, this can mean monitoring on-premises and cloud deployments, endpoints, containers, mobile devices, and other IoT (Internet of Things) and edge devices. MDR has increased in visibility and importance as organizations realize that the scale and complexity of the security challenge become intractable for individual organizations, regardless of size.
According to Gartner, “By 2024, 40% of midsize enterprises will use MDR as their only managed security service.”1 The MDR provider supplies the security tools, the threat intelligence, and the security experts, not only enabling you to protect your data and maintain GDPR compliance but also giving you more effective cybersecurity and peace of mind in general.
Rapid Response Equals Minimal Impact
Much of the damage that organizations suffer from a data breach is not a function of the initial attack. The average dwell time—the amount of time between the initial attack and discovering it—is often measured in months or weeks. That delay in detection provides attackers with virtually unlimited time to conduct further reconnaissance of the network, infect other vulnerable systems, and identify valuable or sensitive systems and data.
A good MDR provider will alert you to suspicious activity or a potential breach within 15 minutes of detecting the activity. A quick response enables you to investigate and mitigate the incident to minimize—or possibly avoid—damage. It also gives you plenty of time within the 72-hour reporting window for GDPR to determine exactly what happened, and what—if any—data was affected or compromised.
GDPR has been around a while, and every organization subject to it should have already achieved compliance. Technology evolves quickly, though, and organizations have increasingly complex networks. The key to protecting data and effectively maintaining compliance with GDPR over the next few years is a focus on constant vigilance and working with a trusted MDR provider.
1 Gartner, “Market Guide for Managed Detection and Response Services,” Toby Bussa, et al., 15 July 2019.