How Does The Introduction of Leakware Effect GDPR?

Leakware is a specific form of ‘Ransomware’. It’s a particularly nefarious form of hacking that instead of blocking access to a company’s data, rather it leaves it open and indeed publishes it (or threatens to publish it) to the outside world  (e.g. to the ICO or a competitor) with a demand for a monetary action to remove the threat. The changing regulatory landscape, that the European Union’snew General Data Protection Regulation will create, provides a particularly unsettled reality for the abovementioned criminality.

The UK’s Information Commissioners Office(ICO) will be responsible for the policing of GDPR regulation in the UK. Leakware provides an unsettling example of how malware could create brand-damaging data breaches that could undermine your entire business.

Understanding data privacy ‘controllers’ and ‘processors’ within the realm of the new GDPR legislation is awkward, but you need to understand the basics. Leakware and other malevolent software is currently being flooded into the EU because the GDPR poses a profitable opportunity for brazen criminals and hackers.

Symantec lays bare the impact Ransomware in general is having on global enterprise computing. A July 2017 report, from Symantec, found examples like WannaCry, Mamba and Jaff which have extracted hundreds of millions of dollars from unsuspecting users. The NHS in 2017 was also affected by ransomware. Cryptocurrencies are also being deployed as a means of streamlining ransom payments. This is a big problem.

However, Infinity IT Solutions provides enterprise clients with a unique Security-as-a-Service package with premium features and benefits that can help protect businesses as the new GDPR regulation take hold whilst protecting against the nefariousness of ransom-based malware. Let’s find out more about leakware and ransomware in general.

What is the issue?

The GDPR is a new EU-wide regulation that the UK is adopting – regardless of Brexit – to help improve the data protection rights of EU citizens. The soon-to-be defunct Data Protection Act was enshrined in law in 1998 – a lot has changed since then; from smartphones, apps and the cloud. Therefore, there is a need to find a new balance for privacy.

In the wake of the Facebook privacy scandal, the GDPR is about to become a standard bearer for individual consumer rights. But how will this affect businesses? The GDPR is about two things; “controllers” and “processors”. The ‘processor’ is the responsible actor for the processing of personal data on behalf of the data controller. The ‘controller’ is the determinant actor who determines the means and purpose of each personal data process.

This sounds very complex doesn’t it? Well, it shouldn’t.  If your organisation determines the purpose of the data processing and also determines the means of the processing then your company is a controller of personal data, if not, you are a processor of personal information.

Failure to properly ‘action’ a data protection activity could lead to a major fine with brand damaging consequences. Let us find out what some of these consequences can mean in a real-world enterprise setting.

The Cost to Business

According toresearch, email is the “main source of menace” for ransomware and leakware. The number of ransomware-based attacks is growing from 101 ‘infections’ in 2011 to nearly 470 in 2016/17. The breakdown by month also intersects with enterprise lifecycle change periods, April to July, which alludes to the second most popular source of malware intrusion – brand new unprotected systems.

Understanding the sources helps to better evaluate the ‘cost’. A major ransomware or leakware attack has a myriad of diverse ‘costs’ associated with such an outbreak. One prime example which was discovered on May 12th, 2017, which caused havoc worldwide – including the NHS, was called WannaCry. This reprehensible piece of code exploited a vulnerability in Windows – the implementation of Server Message Block protocol. It resulted in global pandemonium.

According to the National Audit Office, WannaCry’s NHS cyber-attack cost nearly £800 million in disruptive costs. This was based on cancelled operations, treatments and day procedures and general admissions. Globally, Reutersreported that Lloyds of London, the insurer, could be liable for up to $8 billion in damages and costs associated with the WannaCry attack.

The cost for SME is even more stark. The deeper pockets of state organisations and blue-chip corporations help overcome major attacks. However, the SME community has a more modest financial base and major attacks could bring down companies. Ransomware costs European SMEs£71 million in downtime.

The GDPR dynamic adds even more financial pressures. The cost of a GDPR data breach can reach 2% of profits or €20 million euros – depending on which is greater. The brand-damaging, costly and organisationally disruptive act of Malware being used to blackmail companies with data dumps to regulators could have a massive impact on, not just EU, but global businesses dealing with EU private data.

What can you do? Introducing Infinity Security-as-a-Service

Organisations, small and large, need to think about how they can protect their entire business from such damaging external threats. Infinity IT Solutions has created a bespoke solution to help organisations navigate the perils of leakware and ransomware, among other forms of malware, to help maintain organisational data protection integrity.

Infinity Secure, a Security-as-a-Service cloud solution, provides a range of benefits for businesses wanting dynamic protection, monitoring and support. The service comes with penetration testing, this is a crucial part of the initial evaluation of your IT systems and networks – by understanding the sources of possible penetration, businesses can mitigate against such incursion by deploying InfinitySecure.

The SaaS service provides the following benefits:

  • Penetration Testing
  • Next Generation Endpoint Detection & Response Protection
  • Firewall
  • Network Alert & Notification Services
  • 24×7 Service Desk Support
  • Backup-as-a-Service
  • Disaster-Recovery-as-a-Service

The Infinity Secure cloud service provides full spectrum malware protection from providing preventative testing, EDR protection, full firewall protection, complete notification systems with full 24/7 support and if the worst happens you can restore from multiple back-ups and recover from disaster.

Why not call Infinity IT Solutions today? Call our team directly on 01889 228 439 and claim your free consultation with our expert SaaS consultants. GDPR is coming, new data processing rules mean you need to protect your company and Infinity IT Solutions’ innovative Infinity Secure platform can provide the right GDPR-centric Leakware/malware protection.