Expert insights: DDoS, GDPR and the journey to cybersecurity

In an exclusive interview with TechHQ, Barrett Lyon of Neustar discusses what companies should focus on in the coming months if they want to protect their business.
16 May 2018

Look under the hood to take your first steps towards cybersecurity. Source: Shutterstock

There’s a lot of complexity when it comes to cybersecurity. It’s also one of the most challenging areas to tackle for new businesses and small and medium enterprises.

However, cybersecurity can’t be ignored. Failing to take proper measures can have a devastating impact on the business, including expose the company to data leaks, hacks, and penalties for non-compliance with cybersecurity and data privacy laws such as the General Data Protection Regulation (GDPR).

In an exclusive interview with TechHQ, Barrett Lyon, GM, DDoS, Neustar sheds light on what businesses should focus on and how they should tackle GDPR compliance.

What are the top cybersecurity risks for enterprises?

Today’s connected world offers tremendous opportunities for richer personal and professional lives, but these opportunities come with commensurate risks.

DDoS attacks are used to extort money, amplify social or political causes, launch incriminating activity and harm competitors.

And while DDoS attacks continue to command the greatest attention, application layer threats have become more damaging and are also the most difficult to detect, with almost no red flags before they wreak havoc.

This threat represents a new reality where the strikes have morphed beyond standard and commonplace into dangerous and continuous.

The financial risks alone can exceed far beyond a quarter of a billion dollars and drives home the point that speed in detection and response is an ally to risk mitigation practices.

What are the first steps to protecting a young business?

The changing posture of security threats – from networks to applications, disruption to data exfiltration and one-dimensional to multi-dimensional attacks – is driving an architectural shift in the security industry.

The companies that are most prepared for a cyberattack – ranging from small businesses to large enterprises – have a well-defined Business Continuity Plan, which should provide a roadmap for responding to a range of potential emergencies relating to the data and the facilities that comprise of business assets.

Why are robust cybersecurity measures critical to complying with the GDPR and other data privacy laws?

Privacy laws and the GDPR, in particular, raises the bar for processing personal data based on the consent of the data subject.

The regulations give people greater control of their data, imposing strict rules on companies that host and process the information, and on the free movement of this data, within and outside the EU.

While this will be a limiting factor in the use of consumer data, having a bulletproof cybersecurity strategy creates a prime opportunity for organizations to build better customer relationships, streamline IT and improve data management.

For a start, businesses need to ensure that all sensitive data is stored responsibly and securely in inventories that are regularly reviewed and updated.

A crucial yet often overlooked point is having the visibility of where multiple backup copies reside to avoid being rendered as non-compliant when customer data is required to be erased.

A Data Protection Officer (DPO) should also be appointed to articulate the lawful basis for any personal data processing, identify and mitigate associated privacy risks to ensure alignment with GDPR requirements. This can be outsourced depending on the business’s IT requirements.

What are some of the important things people neglect when evaluating their cybersecurity risks and vulnerabilities?

Despite growing awareness around the potential effects of DDoS attacks, firms today are still left with their hands full in attempts to secure the enterprise value chain.

In our conversations with customers, we found that while this is due to various internal and external issues, it often boils down to the fact that as the threat landscape continues to evolve, many IT and security professionals find themselves overwhelmed and unable to keep up.

One of the main issues lies within detection speeds – which have continued to lag – and are an attributing factor relative to the impact of the attack.

To address this, organizations must ensure they understand where the greatest risks to the business lie, outside of just the web perimeter, and take the necessary actions to safeguard against risks.

From securing web-facing applications to encrypting mission-critical data and IP, fortifying the most valuable data and information should be the priority when preparing an organization against cyberattacks.

However, it is comforting to know that we are starting to see the adoption of cloud security and web application firewall quadruple as companies start to enhance their security infrastructure.

This includes protection to guard against network layer attacks and application layer attacks. A combination of hardware and cloud-based mitigation is the way to go to ensure better protection from all angles.