UK Businesses attacked every 50 seconds and the ICO flexes its GDPR muscles

Businesses in the UK face attempted cyber-attacks every 50 seconds, according to a new report from Beaming, and the ICO has issued two substantial GDPR fines.

The number of attacks is the highest seen by Beaming since it first began recording incidents in 2016. The data shows that the number of attacks jumped 179% in the second quarter of 2019 compared with the same period in 2018. The sheer volume of attacks suggests that businesses are being targeted by automated tools that trawl the web in the hope of discovering and exploiting vulnerabilities.

The sharp increase in the number of recorded cyber-attacks highlights that the cybercrime-as-an-industry model is booming. Organised criminal gangs are often run just like any other professional retailer: they offer automated tools that allow even a novice to launch cyber-attacks.

The best way to reduce the likelihood that your business will fall victim to such indiscriminate attacks is to ensure that you have the cyber basics covered. You can read more about the cybersecurity basics here.

ICO dishes out two hefty GDPR fines

Not one but two substantial GDPR fines have been handed out by the Information Commissioner's Office (ICO), hammering home the message that it is serious about punishing organisations that fail to take adequate steps to protect the personal and sensitive data they hold on customers.

First to feel the pain was British Airways, which was fined a record-breaking £183 million, or 1.5% of its worldwide turnover. The airline got into hot water after it revealed that hackers had stolen the details of half a million of its customers in August last year.

The ICO wasn't done yet, however, as it revealed that it is planning to fine the hotel group Marriott International £99.2 million over a breach that saw the personal details of 339 million guests exposed online, of which 30 million were European. The incident took place back in 2014, but because it was only discovered in 2018 (4 years later) it falls under GDPR. The breach is thought to have been the result of poor due diligence by Marriott when it acquired rival hotel group Starwood, whose guest reservation system had already been compromised and gave hackers a backdoor into Marriott. The ICO said that Marriott had failed to review Starwood's data practices properly. Both companies have said they will contest the fines.

Prior to the introduction of GDPR the maximum fine that could be dished out was £500,000 (e.g. Facebook), but now a company can be fined up to 4% of its turnover. For a big business this is a lot of money, but the impact would be just as damaging, if not more so, for a small or medium-sized business. Such a hit to an SME's finances could be disastrous. The previous largest fine issued under GDPR was from France's CNIL, which fined Google €56 million in January for processing personal data of its users for its services, such as personalisation of ads, without a valid legal basis.

These two cases have now set a precedent for future fines, and it's likely that they will never again be as low as they were before GDPR came into force. Will the threat of hefty fines be enough for businesses to take data protection more seriously? Only time will tell.

For Further Reading

GDPR: When the ICO comes knocking, how do you prove you tried?

In charge of cybersecurity? Take Control of what you’ve inherited

Democratise your cyber security with CyberScore