In a survey of 10,000 C-level executives, PricewaterhouseCoopers found that 59% of them had cyber-insurance policies. That’s because, despite ongoing efforts, the data breaches keep coming. The switch from perimeter to endpoint network security has not happened quickly enough, and it alone is insufficient to meet today’s advanced threats.
Breaches hit the financial sector hard. In 2016, 200 million financial services records were breached – an increase of 900% over the previous year. Insiders pose the greatest threat; whether it’s malicious actors within an organization or innocent human error, the resulting breach causes significant financial and reputational damage. Investigators believe that hackers got inside help to pull off the catastrophic heist of Bangladesh’s central bank last year. And financial malware is thriving, as demonstrated by the recent worldwide WannaCry ransomware attacks.
Several trends were predicted to take center stage in 2017 in Experian’s Data Breach Industry Forecast. Most troubling, perhaps, is the prediction that government-sponsored cyber attacks will escalate from espionage to proactive cyber war. The OPM breach was a mere foretaste of things to come as nations ramp up their activities. Experts also anticipate that internet-based attacks will take down critical infrastructure this year. It is also likely that, at least partly due to this activity, government surveillance of data will increase.
The Internet of Things, while empowering greater interaction between banks and customers and expanded services, has a dark cybersecurity underbelly. The Federal Trade Commission’s recent suit against a router manufacturer speaks to the severity of the threats that can be caused by insecure internet-connected devices. Last year’s massive Mirai botnet attack, which took most of the US offline for a day, is a case in point.
The Impact of GDPR
In an attempt to defeat attackers in their never-ending quest to steal personal and organizational data, the European Union (EU) developed the General Data Protection Regulation (GDPR). The GDPR’s official site calls it 'the most important change in data privacy regulation in 20 years.' One writer likened it to the all-seeing Eye of Sauron from the Lord of the Rings trilogy.
The regulation covers both EU citizens and citizens of any other country residing in the EU. The goal of the GDPR is admirable: to unify data security, retention and governance legislation across EU member states to protect its population’s data. All companies processing the personal data of people residing in the EU, regardless of the company’s location, must comply. This translates to a jurisdictional nightmare.
This regulation requires greater oversight of where and how sensitive data - such as personal, banking, health and credit card information - is stored and transferred. Most organizations will also need to appoint a Data Privacy Officer who reports to a regional authority. EU residents have new rights, including data portability, the right to be forgotten (erasure) and the right to be notified within 72 hours of the discovery of a data breach.
Fines for non-compliance are harsh. Organizations can be fined up to four percent of annual global revenue or €20 million - whichever is greater. It’s important to understand that these rules apply to both controllers and processors - which means clouds will not be exempt.
The GDPR will go into effect on May 25, 2018. With such huge financial losses at stake, one would think organizations are robustly transforming their data classification, handling and storage methods to conform to the new ruling. But research findings from The Global Databerg Report (a survey of roughly 2,500 senior technology decision makers in 2016 across Europe, the Middle East, Africa, the US and Asia Pacific) say that 54% of organizations have not advanced their GDPR compliance readiness.
Why would companies take this risk? The problem is that the GDPR is requiring organizations to address some of their thorniest data challenges, including fragmentation of data and loss of visibility. Cloud-based services and the IoT have only added to the confusion and, along with the default behaviors of data hoarding and poor management, create a 'databerg' (see the report above) that becomes as dangerous and expensive as the iceberg that sank the Titanic.
Financial services firms faced with GDPR compliance can do one of two things. Most affected organizations will spend the next year scrambling to erect infrastructure and processes and deploy personnel to make sure they meet the stringent requirements. The other option is to remove the relevant data altogether from the GDPR’s jurisdiction. Which means taking it offworld.
Storage Beyond the Bonds of Earth
This is not merely wishful thinking. There are already satellites ringing the Earth that regularly receive and transmit information; why not develop a system for secure, internet-free data storage and transmission? A space-based cloud storage network would provide government and private organizations with an independent cloud infrastructure platform, completely isolating and protecting sensitive data from the outside world.
Innovative thinkers have conceived new technologies to deliver this type of independent space-based network infrastructure for cloud service providers, enterprises, and governments to experience secure storage and provisioning of sensitive data around the world. By placing data on satellites that are accessible from anywhere on Earth via ultra-secure dedicated terminals, many of today’s data transport challenges will be solved.
The GDPR’s heavy burden is among those challenges. Space-based data storage frees organizations from the jurisdiction-based restrictions that the regulation will impose. A satellite storage solution also removes today’s most pressing security concerns, since data will never pass through the internet or along its leaky and notoriously insecure lines. In-transit espionage, theft and surveillance become impossible.
A New Opportunity
The GDPR and other regulations are earnest in their desire to keep data safe, and they exemplify the great lengths required to protect an organization’s digital assets. But they are basing their requirements on the inherently flawed, porous, terrestrial internet. Space-based storage and transmission of data offers a better solution: greater safety that bypasses leaky and insecure internet lines, as well as jurisdictional restrictions. It’s a new option for mission-critical, sensitive data.