Why conducting security testing is an important step for GDPR
A survey conducted by UK Gov of security breaches in 2017 (Cyber Security Breaches Survey 2017) found that nearly all UK business asked were exposed to some degree of cyber security risks. Just under half (46%) of all businesses identified at least one breach or attack in the last year. The most common types of breaches related to staff receiving fraudulent or Phishing emails (76%). With viruses, malware, impersonation and ransomware attacks making up the remainder.
Of the businesses that indicated they invest money in to their cyber security (67%), over half (51%) cite the protection of customer data as the main reason for spending in this area. Reputation ranked lowest with only 10% citing it as their main reason.
The General Data Protection Regulation (GDPR) states that all personal data breaches must be reported to the supervisory authority within 72 hours. For the UK that’s the Information Commissioner’s Office (ICO). A failure to report breaches or failure to uphold the sixth data processing principle can carry a fine of up to 20 million euros or 4% of global turnover, whichever is greater.
Penetration testing is a security oriented test to evaluate the security of a system and how it could be broken into. Penetration testing is the most effective way of demonstrating how attackers identify weaknesses and vulnerabilities in a system or network as well as how these vulnerabilities could be leveraged to gain further access to a network. By resolving and remediating the issues identified by a penetration test, a company can greatly reduce the risk of a security breach.
Article 32 requires organisations to implement technical measures to ensure data security. Although Article 32 gives examples of security measures, it does not provide a comprehensive list. It motivates an organisation to find, implement and revise effective security measures considering the dangerous and rapidly changing information security threat landscape.
How Edge Cyber Security can help
Edge Cyber Security’s testing portfolio provides a broad range of security orientated testing services to ensure systems and applications are secure by design and can be used for ad-hoc testing requirements or to form part of a secure development lifecycle.
Of businesses identified cyber breaches in the last 12 months
Breaches related to staff receiving fraudulent or Phishing emails
Of UK businesses are actively investing in cyber security
Why Edge Cyber Security?
At Edge Cyber Security, we strive to offer top-notch testing and impartial advice at reasonable prices. We do security work because we love it, and we’re constantly investigating new technologies that might help our clients achieve stronger security systems. No matter the projects we’re given, we pursue our tasks with enthusiasm and commitment.
Based in Bristol, we serve the entirety of the UK. If you’re looking for a security partner who’ll treat your business with as much care as you do, choose Edge Cyber Security to provide your cyber security services. You can rely on us.
We Listen
We’ll listen to your ideas, discuss your needs, and advise accordingly. It may sound obvious, but it isn’t always done. We look at it this way: your success is our success.
Support
We’ll provide comprehensive support to help your business find the most appropriate solutions to any identified vulnerabilities. Every tier includes broad recommendations.
Experience
Our security consultants have cultivated their skills across various sectors, and we’ll assign you a penetration tester with the background to understand your business needs..
Flexibility
Rarely does a single package fit all clients, and this couldn't be more true in cyber security. That's why we work with you to develop a bespoke engagement that works for you regardless of the project size.