EXPERT OPINION
£183 million by the ICO for mistakes that led to a serious breach of customer data and there was scope for this fine to be even higher.

Breaching GDPR can result in a fine of up to 4% of annual global turnover or €20 million, whichever is higher. BA’s fine only reached 1.5% of its 2017 turnover.

Even without the threat of a GDPR fine, the cost of a data breach has risen to a global average of £3.2 million over the past five years. This figure encompasses costs from legal proceedings, investigation and clean-up, and technology upgrades. Sometimes, among the biggest outgoings following a breach are those for emergency IT support. These charges accounted for the vast majority (£72 million) of the £92 million that the NHS was forced to pay following WannaCry.

The first step to strategic security

Automated patch management is the first step towards an industry-standard best practice approach to cybersecurity that will keep regulators, investors and customers happy. Systems exist today that will continuously scan for vulnerabilities and missing patches, deploying where necessary without the need for IT intervention. IT security leaders can also benefit from risk-based tools which help them develop and enforce policies that automatically prioritise mission-critical systems.

This approach maximises protection while enabling security teams to focus their efforts on more strategic, value-added tasks – which is good news all round.

Yet effective, automated patch management is just the foundational layer of what needs to be a multi-faceted cybersecurity strategy. Combine it with app white-listing to combat zero-day threats. Then should come other best practice measures including end-user awareness and training programmes, endpoint protection, data encryption, continuous network monitoring and privileged access management.

The list is long and will ultimately depend on the kind of data you process and your organisation’s risk appetite. But in the new era of mega GDPR fines, it should always start with patching.

www.intelligentciso.com | Issue 17