GDPR Penetration test

May 17th, 2018
By - admin

How penetration testing can help you comply with the GDPR.

By May 25th 2018, the European privacy legislation, the General Data Protection Regulation (GDPR), takes effect. From that moment on, all organizations that process personal data are obliged to comply with the new privacy regulation. Striving for compliance puts a lot of pressure on organizations. Studio | Secure can partially alleviate this pressure with a penetration test at network, server and application level.

The GDPR recommends assessing privacy-sensitive applications and critical infrastructure for security risks and regularly testing the effectiveness of security controls.

Our GDPR penetration tests and vulnerability scans help organizations comply with this recommendation. In addition, breach notification will be legally required (within 72 hours), so an organization that has never had a penetration test performed is taking a risk it cannot afford.

You might be a small, medium or large organisation that is seemingly below cyber criminals’ radar, but you are far from immune to data breaches. Small and medium-sized enterprises make up a large proportion of cyber attack victims, often hit by random, indiscriminate attacks that target vulnerabilities rather than specific organisations.

Almost half (46%) of respondents identified at least one cyber security breach or attack in the past 12 months. These incidents are often the result of an unpatched system or another vulnerability that a penetration test can easily identify.

Penetration testing is essentially a controlled form of hacking in which a professional tester, working on behalf of an organisation, uses the same techniques as a criminal hacker to search for vulnerabilities in the organisation’s networks or applications.

The importance of penetration testing will become even more apparent when the EU General Data Protection Regulation (GDPR) takes effect on 25 May 2018. It is one of the measures the Regulation mentions, which requires organisations to put in place defences appropriate to the risks they face.

The GDPR and penetration testing

Most organisations will recognise that the greatest threats exist where their systems are exposed to the Internet. Whether through malicious attacks or staff misuse, an organisation’s systems are most likely to be compromised at the points where internal systems meet the external environment.

Although a network could in principle be secured completely by closing it off from the outside world, most organisations need their logical perimeter to be porous to some degree.

For GDPR compliance, penetration tests are crucial. They provide a final, end-state check that all the necessary security controls have been implemented correctly. They can also be used in the early stages of developing new processing systems to identify potential risks to personal data.