It’s been another busy year for hackers. According to the Central Statistics Office, nearly 1 in 5 (18%) of Irish businesses experienced ICT-related incidents, 87% of which resulted in the unavailability of ICT services and 41% of which resulted in the destruction, corruption or disclosure of data.
Last year saw a number of high-profile security incidents making the headlines. In April, 3,600 accounts belonging to former customers of Ulster Bank were compromised, resulting in some customers’ personal details being released. In July, the Football Association of Ireland confirmed that malware was discovered on its payroll server following an attempted hack on IT systems.
Entering a new decade, digital technologies will continue to permeate every aspect of modern life, and the security of IT systems will come under increasing scrutiny. This will be driven by two major consequences of today’s hyper-connected world. Firstly, the sheer number of systems and devices which have now become digitalised has vastly expanded the cybersecurity threat landscape, potentially multiplying vulnerabilities or points of entry for hackers. Simultaneously, consumers and businesses alike demand constant availability in the products and services they use, reducing the tolerance for periods of downtime.
As a result, the security of data is no less than a global issue on a par with national security, economic stability and even the physical security of citizens. It is with this in mind that Data Privacy Day is observed on this day (28th January 2020), a global initiative which aims to spread awareness of the fundamental role that cybersecurity plays.
One of the most important developments in the field of data privacy was the establishment of the General Data Protection Regulation (GDPR) in May 2018. Nearly two years on, it’s timely to review how the new regulatory environment has succeeded in achieving its goals, especially given that almost one in three European businesses are still not compliant.
GDPR works by penalising organisations with inadequate data protection through sizeable fines. While this has established an ethical framework from which European organisations can set out strategies for protecting personal data, one issue that is still often overlooked is the result of an IT outage, which prevents a business from keeping its services running. When a server or an organisation’s infrastructure is down, data is at risk of exposure, and the company is therefore at risk of failing compliance. IT and business teams will need to locate and close any vulnerabilities in IT systems or business processes, and switch over to disaster recovery arrangements if they believe data has been corrupted.
This is especially pertinent in Ireland, where, according to a spokesperson for the Department of Business, Enterprise and Innovation (DoBEI), “Data centre presence…raises our visibility internationally as a technology-rich, innovative economy.” A strategic European hub for many multi-national technology giants, Ireland is currently home to 54 data centres, with another 10 under construction and planning permission for a further 31. While this growth in Ireland’s data centre market is a huge advantage for the national economy, Irish businesses must also tread with caution as they shoulder the responsibility for the security and availability of the countless mission-critical applications and processes which rely on them.
An organisation’s speed and effectiveness of response will be greatly improved if it has at its fingertips the results of a Data Protection Impact Assessment (DPIA) that details all the personal data that an organisation collects, processes and stores, categorised by level of sensitivity. Data Privacy Day is a great opportunity to expose unknown risks that organisations face, but moving forward, it is vital that business leaders embed privacy into every operation. This is the only sustainable way to ensure compliance on an ongoing basis.