No time to overstate data breach incidents

New EU regulations requiring data breach disclosures come into force on 25 August, notes Ross Brewer

The barrage of data breaches we are seeing points to an urgent need for organisations to up the ante on data protection as mandatory data breach disclosure rules come into force this weekend, 25 August.

When these regulations were first discussed, following the EC's draft proposals in 2012, many people considered the suggested penalties and timeframes too severe.

Perhaps those organisations should have seen this as a warning, and used the past 12 months to really get their ducks – or cyberdefences – in a row. Unfortunately, it seems this did not happen.

As with any ongoing crisis, there comes a time when less talk and more action is needed – and it may be the case that these impending regulations will be the final call to action for organisations with lax security policies.

Given the sophistication and readiness of today's cybercriminals, organisations can no longer sit idly by and assume they are immune to attack. As the risks of reputation damage and customer churn are clearly not persuasive enough, maybe the threat of severe, perhaps debilitating, financial penalties will do the trick.

For organisations now entering panic mode, it is important to step back and take an objective look at their security policies as soon as possible.

The tight timescales dictated by the new regulations mean there is no room for error and organisations must adopt a protective monitoring strategy that delivers clear insight into every single activity occurring across their network.

It is often the case that network data processing is inefficient, leading to inaccurate breach reporting under the pressure of the 24-hour window.

This "overdisclosure" has already become an issue in the US; many organisations have reportedly overstated the severity of incidents due to poor visibility of what has really happened.

This should be a lesson for every industry while the new regulations remain fairly limited. It is only a matter of time before a universal set of rules is not just proposed but enforced.

Ross Brewer is vice president and managing director for international markets at LogRhythm