Vinnit Patel, Head of Cybersecurity and Risk Consulting at Infosys Consulting:
“With GDPR now only two weeks away, you’d think every company would be fully ready for its impact. In fact, we have no idea what the wider consequences of the new law will be.
“When it comes to cybersecurity, we all assume that GDPR must spell only good news, but the looming deadline could well be a major opportunity for hackers. That’s because the 72-hour deadline to inform the Information Commissioner (ICO) will tempt some ransomware victims to simply pay the ransom to make them go away – and hope that the news doesn’t leak.
“Paying the ransom and keeping quiet is not the sensible route to take, as Uber learned the hard way. Also, there could be a ripple effect: the more businesses that pay up, the more other attackers will be inspired to try their hand.
“With all the build-up to GDPR, you’d expect every business to be fully prepared. In fact, the learning curve will really begin after the deadline, when we’ll see how organisations deal with the unintended consequences of the new regulation. There will be missteps, of course, but these are a crucial part of the learning process. Watching and learning from other organisations will give businesses the chance to make changes to their security processes. Only then will they and their customers be even safer than before.
“GDPR is a process-driven methodology, and these processes will need to adapt in light of the discoveries we make in the months after the GDPR comes into effect. If you thought the hard work was over, think again.”