Page 80 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
Facebook itself would have faced a double whammy: a fine of $1.9 billion instead of the £500,000 the
company was actually fined for data harvesting earlier in 2018.
Even after the data deluge of the past few years, during which businesses of all kinds have learned a lot
about data management, storage, security and dissemination, GDPR has focused minds. And for any
firms across the Atlantic looking on in relief, this is not just an issue for companies registered in the
European Union.
GDPR covers any company that processes the personal data of an individual or business in the EU
regardless of where they themselves are located, with big penalties for both data controllers and data
processors.
Of course, GDPR has come about precisely because that data deluge has proven quite how valuable
personal information can be. That’s in addition to business-critical IPR that can be extracted from
inadequately protected systems and networks. Protecting data at any stage of its journey through the
corporate world is rather like swimming with sharks: one sign of weakness, one drop of blood in the water
and you're the most attractive target for some of the most ruthless spies, states, hacktivists and organized
criminals in the sea.
Because no one wants to be shark-bait, individual businesses have been rushing to ensure that they
have the right tools and procedures in place to ensure they don’t fall foul of the cybercriminals or the
regulatory and reputational consequences of a breach. In their attempts to build a protective shark cage,
however, businesses have usually looked at protecting in-house systems, solutions and infrastructure in
an ‘every man for himself’ approach to cyber security.
But putting up the defenses to create a corporate cyber fortress raises a couple of interesting issues that
also need to be addressed. Businesses don’t stand in isolation, and in today’s globalised economy, the
weak link in the chain may not be within the company itself but within the extended supply chain of
partners, vendors, suppliers, customers and others. Any of these can accidentally (and, on occasion,
deliberately) open a covert backdoor into a partner business.
Then there’s the question of what happens to data once it leaves local storage and travels three times
round the world via global networks. Smart criminals recognise that data can be at its most vulnerable
when it’s in transit rather than when it’s sitting secured in various network end points.
We’ve all seen the rise in the number of and damage caused by third-party attacks, as cybercriminals
sneak upwards through the supply chain, sniffing out any vulnerabilities and entry points. Just as we’ve
seen threats against carrier networks themselves, as criminals siphon off data from network platforms,
rather than individual devices.
So what’s the answer? Certainly the individual approach is going to deliver limited results.
Cyber-attackers will always go for the weak underbelly. If it’s not your company today, it’ll be your company
tomorrow.
So instead of relying on shark-cages, firms should look for shark-free waters. That means network
providers that have the tools in place to protect the volume, velocity and value of data crossing their
infrastructure today, providing a ‘clean’ network for all their partners.