En un entorno donde la información es un bien preciado, la seguridad de la información es una prioridad para todas las empresas y organizaciones. Hoy en día, proteger los datos críticos de ciberataques y mantener la integridad de los datos es vital para la continuidad de cualquier negocio.
¿Alguna vez te han dicho que todo lo que haces deja huella en el mundo? Puede que sea cierto, o puede que no. Ese es un problema para los filósofos. Pero, lo que sí podemos afirmar es que cada vez que navegas en internet, dejas rastro de lo que hiciste.
Un framework o marco de cumplimiento de seguridad es necesario para cualquier negocio por dos razones: te brinda las mejores prácticas para implementar controles de seguridad y aumenta la confianza de actuales y futuros clientes.
[~6 minutos de lectura]
El vocabulario emprendedor maneja términos muy sexys como crecimiento, expansión o internacionalización. Sin embargo, las regulaciones y normativas de ciberseguridad son esas pequeñas cláusulas en el contrato de las que nadie te habla cuando se trata de ir a nuevos mercados.
(and create very happy customers)
There are certain universal truths about how to build a successful business and create happy customers: Have a clear and impactful mission statement. Offer products and solutions that add value. Listen to the customer and address their needs. Be one step ahead of the ever-changing tide that is innovation.
In the game of supply and demand, quality cybersecurity experts can be tricky to find. Market data has shown that the need for cybersecurity experts in the workforce has grown 53% through 2018, and there is a predicted shortfall of 1.5 million cybersecurity professionals in the near future.
Take the case of British Airways for example. On September 6th, 2018 the airline announced that it had suffered a breach that affected around 380,000 users, and that part of the stolen data included personal and payment information.
Now, although we don’t know the fine that will be levied on British Airways, under GDPR a violation such as this one may lead to a fine of €20 million or up to 4% of a company’s annual turnover in the previous year (whichever is higher), which for BA could reach about £489 million (US$633 million) based on 2017 figures.
A similar case is that of Marriott. In November 2018 they announced that they had been a victim of an attack that compromised the data of 500 million users. Marriott’s annual turnover in 2017 was US$22.9 billion.
More recently, Google has been the target of a €50 million fine in France for failing to provide enough information to users about its data consent policies and not giving them enough control over how their information is used.
Often when we read about GDPR, it may sound like it’s all about notifications (letting users know what kind of data the company is using and how it will be used and notifying them of security breaches in a timely fashion), but if these cases show us anything it’s that companies will be under scrutiny not only for how they use their customer’s data but also how they protect it. This is where early detection and prevention of security vulnerabilities is key.
Article 32 of the GDPR provides that businesses must
“implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including […] as appropriate: […] a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.”
Hackmetrix 2018. All rights reserved.
