Why conducting security testing is an important step for GDPR
A survey of security breaches conducted by the UK Government in 2017 (Cyber Security Breaches Survey 2017) found that nearly all UK businesses asked were exposed to some degree of cyber security risk. Just under half (46%) of all businesses identified at least one breach or attack in the last year. The most common types of breaches related to staff receiving fraudulent or phishing emails (76%), with viruses, malware, impersonation and ransomware attacks making up the remainder.
Of the businesses that indicated they invest money in their cyber security (67%), over half (51%) cite the protection of customer data as the main reason for spending in this area. Reputation ranked lowest, with only 10% citing it as their main reason.
The General Data Protection Regulation (GDPR) states that all personal data breaches must be reported to the supervisory authority within 72 hours. For the UK that’s the Information Commissioner’s Office (ICO). A failure to report breaches or failure to uphold the sixth data processing principle can carry a fine of up to 20 million euros or 4% of global turnover, whichever is greater.
Penetration testing is a security-oriented test that evaluates the security of a system and how it could be broken into. Penetration testing is the most effective way of demonstrating how attackers identify weaknesses and vulnerabilities in a system or network, as well as how these vulnerabilities could be leveraged to gain further access to a network. By resolving and remediating the issues identified by a penetration test, a company can greatly reduce the risk of a security breach.
Article 32 requires organisations to implement technical measures to ensure data security. Although Article 32 gives examples of security measures, it does not provide a comprehensive list. It motivates an organisation to find, implement and revise effective security measures considering the dangerous and rapidly changing information security threat landscape.
How Edge Cyber Security can help
Edge Cyber Security’s testing portfolio provides a broad range of security orientated testing services to ensure systems and applications are secure by design. These services can be used for ad-hoc testing requirements or to form part of a secure development lifecycle.
Why Edge Cyber Security?
Edge Cyber Security is a cyber security firm in the UK offering a great service in the security and compliance market for small and large businesses. We strive to offer the best solution for your business and impartial advice at an honest price. We are constantly investigating new technologies and recommend them when they make sense.
We love what we do, some might say a bit too much, and we bring enthusiasm and commitment to every project we work on. Put simply, if you want a partner who cares about your business, choose us to provide your cyber security services.
We listen, we discuss, we advise. Sounds obvious but we listen to your ideas, plans and objectives for your business. We then select the best solution to fit. Your success is our success.
All our services come with comprehensive support to help your business find the most appropriate solution to any identified vulnerabilities. All reports include our recommendations for resolution, detailed findings and an executive summary.
We have security consultants who have cultivated their careers across a variety of sectors. We will always be able to provide someone who understands your business needs and goals when performing penetration testing.
Rarely does a single package fit all clients, and this couldn't be more true in cyber security. That's why we work with you to develop a bespoke engagement that works for you regardless of the project size.