Remember 2018, when the GDPR coming into force caused the greatest possible excitement in business and IT? After four years with the GDPR, one realization stands out: GDPR compliance also protects against ransomware damage.
Since then, tempers have calmed down considerably, and in the meantime we have lived through a pandemic and a war of aggression in Europe. In short, those who were GDPR compliant from the start were better able to deal with these enormous crises, because they had already given their most valuable asset, their data, the attention it deserves and had done what was necessary to protect it.
Over 66 percent of companies have implemented the GDPR
Around two-thirds of companies in Germany have now implemented the GDPR, though only 20 percent completely, 45 percent mostly and a further 29 percent at least partially. The growing number of proceedings and the rising fines certainly contributed to this: according to the GDPR Enforcement Tracker, fines across Europe in 2021 clearly exceeded the billion mark at 1,277,000,000 euros. For comparison, in 2019 the fines totaled "only" 73 million euros. However, we should not look at the GDPR merely as a way of avoiding the disadvantage of fines, but focus even more on its advantages, especially for companies.
The GDPR forces companies to bring order to their data chaos. Only by knowing where important personal information is stored, who can access it, and whether it is being used in the right way can you ensure its protection and integrity. This applies all the more to the current threat situation, which is strongly characterized by ransomware. It is no coincidence that more and more cybercriminals not only encrypt data and threaten to publish it (the double-extortion approach), but also report the breach to the relevant supervisory authorities themselves, adding regulatory pressure to the extortion.
The GDPR ensures more order
The GDPR requires minimizing the storage of consumer data, minimizing who can access it, and minimizing retention periods. This corresponds to the least-privilege principle and ultimately reduces the blast radius: the goal is to limit, as far as possible, the damage that a single compromised account can do. When every employee has access to millions of files, including thousands of GDPR-relevant files, one compromised account is enough to turn that entire volume into unusable, encrypted data, and the potential scale of an attack becomes clear. If, on the other hand, permissions are restricted to the files an employee actually needs for his or her work, as the GDPR provides, the extent of an attack, the disruption to operational processes and its overall impact are significantly reduced. Least privilege limits what one compromised account can reach; it does not replace tested, isolated backups. If, in addition, solutions are used that detect ransomware early and stop it automatically by analyzing user behavior, then ransomware loses much of its terror. In this respect, GDPR compliance can also be regarded as effective ransomware protection.
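The two mechanisms the paragraph above relies on, a smaller blast radius per account and behavior-based early detection, can be made concrete in a few lines. The following Python script is an added example for this page, not Varonis code; the share layout, group membership, log-line format, the 20-operations-in-60-seconds threshold and the sample activity log are all constructed assumptions. It first computes how many files one account can write before and after least-privilege permissions, then runs a sliding-window detector over constructed activity log lines to flag an account that starts mass-modifying files.

```python
"""Blast radius and early mass-modification detection (added example, not Varonis code).

Everything below is constructed for illustration: the ACLs, the groups, the
log format and the thresholds are assumptions, not a real product's data model.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- 1. Blast radius: how many files can one compromised account write? ---
# Constructed share layout: path -> set of principals with write access.
# "Everyone" models the over-permissive default described in the text.
ACL_BEFORE = {
    "/hr/payroll.xlsx":          {"Everyone"},
    "/hr/applicants.csv":        {"Everyone"},
    "/finance/q3-forecast.xlsx": {"Everyone"},
    "/rnd/roadmap.docx":         {"Everyone"},
    "/it/inventory.csv":         {"Everyone"},
}
# Least privilege: only the group that needs a file can write to it.
ACL_AFTER = {
    "/hr/payroll.xlsx":          {"grp-hr"},
    "/hr/applicants.csv":        {"grp-hr"},
    "/finance/q3-forecast.xlsx": {"grp-finance"},
    "/rnd/roadmap.docx":         {"grp-rnd"},
    "/it/inventory.csv":         {"grp-it"},
}
GROUPS = {  # constructed group membership
    "Everyone": {"alice", "bob", "carol"},
    "grp-hr": {"alice"}, "grp-finance": {"bob"}, "grp-rnd": {"carol"}, "grp-it": set(),
}

def blast_radius(acl, groups, account):
    """Sorted list of paths `account` can write, directly or via group membership."""
    my_groups = {g for g, members in groups.items() if account in members}
    return sorted(path for path, principals in acl.items()
                  if account in principals or principals & my_groups)

# --- 2. Early detection: many destructive file operations by one account ---
# Constructed log format, one event per line:
#   <ISO-8601 UTC> user=<name> op=<read|write|rename|delete> path=<file>
LOG_RE = re.compile(r"(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>\S+) path=(?P<path>\S+)$")
DESTRUCTIVE_OPS = {"write", "rename", "delete"}

def parse_event(line):
    """Parse one log line; return None for malformed input instead of crashing."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev

def detect_mass_modification(lines, window=timedelta(seconds=60), threshold=20):
    """Flag accounts performing >= `threshold` destructive ops within `window`.

    Returns {user: {"first_alert": datetime, "ops_at_alert": int, "files_touched": int}}.
    `files_touched` is the number of distinct paths the account modified in the
    whole log, i.e. the damage an automatic block at `first_alert` would cap.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent destructive ops
    touched = defaultdict(set)    # user -> distinct paths modified
    alerts = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["op"] not in DESTRUCTIVE_OPS:
            continue
        user, ts = ev["user"], ev["ts"]
        touched[user].add(ev["path"])
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and user not in alerts:
            alerts[user] = {"first_alert": ts, "ops_at_alert": len(q)}
    for user in alerts:
        alerts[user]["files_touched"] = len(touched[user])
    return alerts

def constructed_log():
    """Constructed sample: alice works normally; bob's account encrypts a share."""
    t0 = datetime(2024, 3, 4, 9, 0, 0)
    lines = []
    for i in range(5):    # alice: five edits spread over ten minutes
        ts = t0 + timedelta(minutes=2 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%S}Z user=alice op=write path=/hr/report-{i}.docx")
    for i in range(30):   # bob: thirty renames to .locked within fifteen seconds
        ts = t0 + timedelta(minutes=5, milliseconds=500 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%S}Z user=bob op=rename path=/finance/doc-{i}.xlsx.locked")
    lines.sort()          # ISO timestamps sort chronologically as strings
    lines.append("garbage line that does not parse")  # detector must tolerate this
    return lines

if __name__ == "__main__":
    for label, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        print(f"{label}: alice can write {len(blast_radius(acl, GROUPS, 'alice'))} files")
    print(detect_mass_modification(constructed_log()))
```

With the constructed data, alice can write all five files before the clean-up and two afterwards, and bob's account trips the detector on its 20th rename, nine seconds into the burst, well before it has reached the rest of the share. The threshold and window are deliberately simple; a production detector would baseline each account's normal rate rather than use one fixed number.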
More at Varonis.de
About Varonis: Since its founding in 2005, Varonis has taken a different approach from most IT security providers by placing company data stored both on premises and in the cloud at the center of its security strategy: sensitive files and e-mails, confidential customer, patient and employee data, financial data, strategy and product plans, and other intellectual property. The Varonis Data Security Platform (DSP) detects insider threats and cyber attacks by analyzing data, account activity, telemetry and user behavior, prevents or limits data breaches by locking down sensitive, regulated and stale data, and maintains a secure state of the systems through efficient automation.