1 in 10 SMBs ready for GDPR - Comment
March 2018 by Keith Graham, CTO at SecureAuth
In response to the news that fewer than 1 in 10 small businesses are prepared for the GDPR, Keith Graham, CTO at SecureAuth, has issued the following comment.
It’s worrying to hear just how many small businesses have failed to prepare for the GDPR, with less than 100 days to go before it comes into force. But these businesses should see this as an opportunity. The GDPR itself is well intentioned, best-practice common sense, but adhering to the letter of regulations isn’t enough. Often security regulations default to general requirements such as “appropriate technical and organizational protection measures” as they can’t keep pace with the rapidly changing cyber-security environment.
Two-factor authentication, for example, is not enough to secure organisations today. Persistent attackers can easily circumvent most second factor methods and a multi-layered, adaptive approach is required. However, 2FA is recommended, yet not mandated, as a compliance check under GDPR.
Security regulations inevitably fail to address the business realities of cyber security. Businesses must make substantial investments in order to achieve GDPR compliance, but this cost will force many to give disproportionate emphasis to certain security elements, rather than holistically addressing their real security issues. Reducing cyber-security to a lowest-common-denominator box-ticking exercise can never be a long-term solution for businesses.