Compliance is – and will continue to be – one of the greatest business challenges to impact data security. It is driving businesses and business leaders to tighten up their data security and to improve their knowledge of risk and of their role in leading information security in their businesses. However, IT departments and technology companies must also acknowledge that both the continuous developments in technologies and increasing business pressures are creating their own set of challenges.
The cloud, Internet of Things and Artificial Intelligence are all growing as part of digital transformation projects, and it’s become more important than ever that information security requirements are factored into the overall security posture of an organisation.
While there are masses of articles on the General Data Protection Regulation (GDPR), raising concerns about compliance and regulation, a key benefit of this coverage is that it will improve knowledge of information security at a society level. This is a positive, but people are at the very heart of information security.
While businesses continue to support improvements in awareness, they still need to focus on the fact that people are often the weakest link when it comes to clicking on phishing emails, opening attachments or simply considering the structure of their passwords.
Businesses also need to adapt the way they communicate to reflect this challenge and support the training they provide to staff. Sending out staff surveys that ask a member of staff to click on a link, for example, is counterproductive to the efforts spent trying to discourage employees from doing this due to the phishing risks. The threat actors and vectors used to attack our systems and data sources continue to change and develop.
To have well-balanced and effective information security, businesses need to embed it in day-to-day business processes and practices – not just rely on annual compliance checks. The GDPR is driving this through the requirements for accountability.
Compliance and regulation and the unpredictable behavior of employees have the biggest impact on data security, according to research.