Article written by Splunk A/NZ Area VP Simon Eid
Protecting personal information in the digital age is a key priority, albeit a key challenge, for many Australians. The question of who controls the way data is gathered, used and shared is becoming increasingly top of mind as the world prepares for the introduction of the General Data Protection Regulation (GDPR) on the 25th of May, 2018.
The GDPR is one of the most sweeping regulatory changes related to data protection ever introduced at such a large scale, anywhere. It includes requirements for the appropriate technical and organisational measures to mitigate risk and mandatory disclosure of breaches to impacted EU citizens and supervisory bodies. Failure to comply could mean fines of up to 20 million euro or up to four percent of an organisation’s worldwide annual turnover.
In February, Australia was first to roll out its data privacy regulation with the introduction of the mandatory data breach notification scheme. Within the first six weeks of the NDB scheme coming into play, the Office of the Australian Information Commissioner (OAIC) received 63 reportable data breaches.
This seems like a relatively high number of breaches, suggesting that the legislation may not be strong enough to ensure compliance. At the same time, hackers are refining their art and outpacing security defences.
Importantly, the GDPR applies to any organisation conducting business in the EU. Now is the time for Australian companies to get on top of the local regulations and start to navigate the requirements that come with the GDPR.
With this in mind, it’s time to look beyond traditional security solutions, to data protection and recovery. Dynamic resources for real-time intelligence that help detect ransomware threats are critical to helping organisations drive better security practice proactively. Let’s take machine learning data as an example.
Insights from machine data provide early warning of threats to digital infrastructure. A digital environment produces massive volumes of activity logs that can be used to detect unauthorised access.
Machine data can tell you whether there is login activity associated with an employee who is out-of-office, raising a possible red flag. You can also identify when a new mobile device is enrolled in your system or logs into a VPN, providing early warning of compromised credentials that can help you prevent data exfiltration.
While it’s important for organisations to become quicker and smarter at responding to threats, we also need to think about how to comply should a breach occur. When a breach is reported, the GDPR grants authorities permission to carry out data protection audits to check if the organisation’s security policy factors in “state of the art” technologies to its IT security policy.
Machine data provides the historical information organisations need to demonstrate to controllers and supervisory authorities that they had appropriate security controls in place and proactively worked to mitigate risk. Whether it’s technical configurations and their changes, password reset history or update history, machine data can be used to document all of these and many other key security considerations.
As the GDPR looks set to take data protection to a new level, there’s no doubt many organisations feel daunted by the requirements and complexities that come with it. Those who jump on board by strengthening their security posture will be well positioned to comply. Those who don’t, risk drowning. Now is the time for businesses to tap into machine data as a step in the right direction when it comes to GDPR readiness.