[Discussion] - Is GDPR a Win for Cybercriminals?

Userlevel 7
Badge +36

Tyler Moffit (Senior Threat Analyst) published a blog post on the GDPR and its implications on the world of cybercrime.
I encourage you to check it out, it's an interesting read!
What are your thoughts about this new window that's been opened? Does it impact you or not at all?
See you in the comments below! 

2 replies

Userlevel 4
Badge +4
Worth explaining that GDPR is the General Data Protection Regulations and is the European Union's mandatory rules for dealing with data that can be linked in any way to an individual.
GDPR is a progressive move, although as with any new rules, there is a lot of misunderstanding and resistance to change.
Good luck!
Userlevel 4
Badge +2
Criminals exploiting common email trends?
There is always a phishing campaign when any new law comes into force. GDPR is just so publicised that it makes sense for criminals to fake the largely unnecessary emails companies are sending out.
It's ironic that these fake emails ask for information when the law is about restricting the information shared.
From our experience we've found that most small companies have not had obvious policies in place to protect data, they just assumed that data was safe or had not considered that they had a responsibility to keep it safe. The CC email distribution list problem (where everyone sees the emails of the other recipients) has existed since email started. I would like to see the stats from office workers as to whether they understand what BCC is for. From straw polls I've done in the past only about 50% of people using email day to day understand this.
Hopefully GDPR enforcement (fines probably) will encourage education into how to handle data (it's a principle of GDPR after all).
Extra cash from ransomware?
I'm not sure if fines are going to be imposed so frequently for this to up the price of ransomware. The fact that GDPR compliance should include making data backups should reduce the effectiveness of ransomware.