ZoneFox: Tackling GDPR Requires A Risk Based Strategy

The General Data Protection Regulation (GDPR) is on its way – whether businesses are ready for it or not.

In less than a year GDPR will come into full effect across European Union nations, and with the UK planning to enshrine much of GDPR into its own data protection regulations, Brexit will not offer much in the way of respite for businesses that fail to adapt their data and cyber security politics to GDPR.

At Infosecurity 2017, Jamie Graves, founder and CEO of insider threat detection company ZoneFox, joined Silicon on our stand, where he discussed some of the challenges businesses have ahead of them when it comes to tackling GDPR.

“I think what’s tripping a lot of people up are thinks like the hour investigation piece; once you get a data breach notification you have hours to understand what happened and respond to the ICO (Information Commissioner’s Office) with a follow up plan,” he said.

“And there are other elements as well, so having a full legal review of how [businesses] process data of user information and whether they have anything in deep storage they may be required to delete – it’s a fairly significant challenge.”

Dealing with GDPR

Graves explained that the best way to tackle GDPR is for businesses of all sizes to take a risk based approach, addressing the data that is most pertinent to GDPR and is most vulnerable to potential leaks and breaches.

Trying to solve everything at one may be ambitions so tackling GDPR readiness in a structured if piecemeal fashion should help keep businesses out of harms way and avoid ending up being hit with significant fines.

Graves also discussed other cyber security threats that a company like ZoneFox has insight into.

He noted that while common threats such as ransomware attacks are set to continue, cyber security challenges called by human error and cyber attacks based around using established yet tweaked techniques are set to rise.

Graves pointed out that techniques such as machine learning can help aid security researchers in tackling these cyber threats.

For the full interview, checkout the video above.

There was plenty more going on at the Silicon stand, including a discussion ESET on security threat trends and insight from Symantec on IT integration and security.

Quiz: What do you know about cyber security in 2017?