Attackers Constantly Threaten the Survival of Organisations, but there is a New Shark in the Water: Carcharodon Carcharias Moderator Europa Universalis

Abstract

Many attackers constantly threaten the very survival of all organisations. They will attack any and every IT component of every organisation, whether financial, industrial, retail, service, educational, charitable or governmental, using whatever means they can to breach these systems. They ignore legislation, regulations and standards, do not care who they inconvenience, or hurt. They have no moral scruples and will have no compunction about attacking the weakest link in any organisation - the people. Why is this a problem? The answer is the European Union General Data Protection Regulation, which is effective from 25th May, 2018. The new regulator will have the power to impose fines for non-compliance to the maximum of 20 million or 4% of the previous year's global turnover. Jurisdiction for organisations requiring to be compliant is now global and these organisations are obliged by regulation to report any breach within 72 hours of discovery, potentially leading to massive fines. In this paper, we highlight the need for all such organisations to be aware of the serious pitfalls they face when considering the impact of this regulation should they fail to be compliant. We make some sensible suggestions for actions that organisations might take to mitigate their risk now. We also outline our plans for a test study to determine how effective our suggestions might be.