25 May is coming up fast, and organizations everywhere are preparing for the enforcement of the EU’s General Data Protection Regulation (GDPR).
Or rather, they should be preparing.
GDPR’s a big deal, and without the right technology and processes in place your organization could be exposed to the risk of huge fines (alongside the often substantial costs of investigation, cleanup, lost business and damage to reputation).
In 2017, 58% of recorded breaches were the result of a hack by an outside party, or a malware infection.
Criminals employ a diverse range of techniques to break into networks, from phishing attacks to exploiting known vulnerabilities and bruteforcing RDP passwords. Once inside your network they can deploy sophisticated malware that identifies and exfiltrates sensitive data, such as financial and medical records and other PII (Personally Identifiable Information).
Even a successful ransomware attack – one where your files are encrypted and held hostage until you pay up – is considered a breach.
To cope, your security must be multi-layered and ready to stop a wide range of tactics.
Defense in depth
The best defense is to stop malware at your network perimeter before it ever reaches your devices, so setting up a powerful front line, using a product like XG Firewall, is vital.
But, of course, no software is foolproof and one product is not enough by itself. A best practice, defense in depth strategy demands effective protection at the endpoint as well.
With more than three million new forms of malware now created every day, classic antivirus isn’t enough by itself anymore. Your endpoints also need the added protection of technology like Intercept X and its anti-ransomware, anti-exploit technology that can identify malware by its behaviour rather than its signature.
And despite servers often containing an organization’s most sensitive data, they are frequently overlooked from a security angle. Sophos Server Protection delivers capabilities that are critical for data security on servers: anti-ransomware protection that stops data being encrypted; anti-exploit functionality that closes commonly used attack vectors; and application allowlisting that stops users from naively allowing dangerous apps to run.
This article is the first in a series on the upcoming GDPR. Next time, we’ll talk about the potentially serious consequences under the GDPR of misplaced or stolen laptops and mobile devices.