Will GDPR lead to an uptick in ransomware?
- Malicious actors will try to use GDPR to their advantage come May 25 by attacking an organization, figuring out what its GDPR penalty would amount to and demanding a ransom slightly lower than the penalty in the hopes that the C-suite will opt to brush the incident under the rug, according to a Trend Micro announcement.
- Ransomware families cost the world an estimated $5 billion in 2017, and three of the top families in 2016 carried over into the next year: Locky, Cerber and Cryptesla. But as the number of ransomware families increased 32% year-over-year from 247 to 327, the number of players decreased, according to Trend Micro's 2017 cyberthreats report.
- Business email compromise scams more than doubled between the first and second half of 2017, with almost 40% of attacks spoofing the CEO. CFOs were the most targeted individuals overall.
The European Union's intention is to improve accountability for data and security breaches, and the potential for more cyberattacks as a result of the high GDPR fines' is quite the unintended consequence.
While, in theory, a compliant organization should have less to worry about if it has a comprehensive data protection plan in place, at the end of the day, cybercriminals make their living off of finding those tiny loopholes and gaps in security.
Reaching GDPR compliance can already be a years-long, costly endeavor for companies. To mitigate this associated increased threat, business leaders need to also work on reducing entry points for attackers. Starting with something as simple as employee training on business email scams, which continue to plague organizations despite widespread attention on the issue, could make all the difference in the long run.
After all, if the historical trend of cybersecurity problems is to continue, 2018 could be a dangerous year. The severity of cyberattacks in 2017 was made clear by the fact that the number of affected records increased by roughly 1.6 billion as the number of disclosures decreased 32% year-over-year, according to the report.
Building up a bitcoin aresenal to pay ransoms under the table may be alluring, but no secret is safe from coming out — just ask Uber. In the meantime, improving and teaching best security practices and updating that cyber insurance policy should be higher priorities for CIOs.
Follow Alex Hickey on Twitter