When my kids were in school, they used to have events scheduled around the 100th day. I remember at the last minute they’d remember they needed to take 100 of something to school, something they were supposed to be collecting over the year. The only things I had readily available were pennies or pens; the pennies I didn’t care about, but they knew they had to bring every one of those pens home or there’d be a serious price to pay.
February 15 was a 100-day marker of another kind – 100 more days until GDPR goes into effect on May 25. Your customers’ data becomes, metaphorically, like my pens – once that deadline hits and any of that information goes missing, you’ve got a serious price to pay. My kids just had some extra chores; your penalty will be in the millions of dollars.
But, also like my kids, many businesses are procrastinating on GDPR. According to an Information Age article, citing research from EfficientIP, a majority of businesses are feeling very confident about their readiness:
Over two-thirds of global businesses at 72 percent are confident they will have all required GDPR compliance processes in place by 25th May 2018. North America is the most confident region in the world, with American and Canadian organizations saying they will be prepared at 84 percent and 75 percent respectively.
That still means there are a lot of companies that aren’t ready, and this is a grave concern. As a Mandiant report revealed, it typically takes 99 days before a data breach is detected. So a breach that happens today will be discovered when GDPR is in effect.
EfficientIP referred to February 15 as Exfiltration Day or X-Day, the day when data breaches will have a whole new level of consequences. The company also warned where we may be most vulnerable:
As DNS is rarely monitored, it has been found to be one of the most discreet and widely used options for cyber criminals to carry out data theft. Proper protection of this protocol is essential when observing GDPR rules - far too many organizations rely on legacy solutions that perform only peripheral analysis, allowing confidential data to be exfiltrated without triggering any alarms.
Is DNS a weak spot for you? Are you prepared to identify and locate your network’s and data’s most vulnerable points in order to remain compliant with GDPR? If not, what are you waiting for? By the time you read this, we are already past X-Day.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba