Under the GDPR, companies throughout the EU need to name someone responsible for data protection. In Ireland, it seems the wheels are already in motion.
According to General Data Protection Regulation (GDPR), data protection officers must be appointed for all public authorities as well as companies that operate with the “regular and systematic monitoring of data subjects on a large scale”.
In Ireland, almost four in five companies have named a person for their organisations’ data protection, according to the latest national data protection survey, with IT professionals those who are commonly handed the task.
With over 200 professionals surveyed by the Irish Computer Society, the report found that data breaches have increased in the last year, with 61pc of organisations reporting at least one in the past 12 months.
Interestingly, more than half of these were caused by staff members, or ‘insiders’.
The number of breaches by external attackers has increased in recent years, rising from 15pc of breaches in last year’s survey to 22pc now. Outsiders (43pc), employee negligence (36pc) and end-user devices hosting sensitive data (36pc) were the three biggest perceived threats, according to the report.
Indeed, Digital Guardian recently compiled a report into insider and outsider risks across companies’ cybersecurity operations. The threat from inside is immense and very difficult to manage, given the lack of intent or desire for financial gain in many cases of data leaks.
While outsiders use DDoS attacks or malicious USB drops, insiders have knowledge of systems, can physically steal data and, more often than many would care to admit, cause problems due to basic human error.
We recently looked at the cybersecurity area in terms of employment, finding it to be one of the more worrying areas suffering from the ongoing technology talent gap in Ireland.
A global study of the infosec workforce in 2015 predicted that the cybersecurity talent shortage would reach 1.5m within five years, as demand outstrips supply.
A recent report from PwC found that a growing number of companies are investing in a security strategy for the internet of things.
The report – measuring over 10,000 participants in 133 countries – found that security strategies are becoming more nuanced and considered, with more thought going into sophisticated measures.