GDPR and a New Threat to Privileged Users
The European Union’s General Data Protection Regulation 2016/679 (a.k.a. “GDPR”) has many organizations struggling to achieve compliance with the new laws on data protection and privacy. With fines already being issued by EU regulators, there are reports that some organizations have ceased online operations in the EU to avoid the financial risks of non-compliance (e.g. steep fines, as high as 4% of violators' global annual revenue).
For those organizations continuing with their business missions within the EU, one expert predicts new forms of cyber-crime targeting privileged users within organizations subject to GDPR. Rather than stealing your data and auctioning it off to buyers on the dark web, data thieves may find it more lucrative to ransom your data back to you. In his recent article for Dark Reading, Mark Coates explains how such a scheme would be executed and provides some steps an organization can take to reduce the risk of this new twist in data theft.