Page 1 of 2
Results 1 to 16 of 21

Thread: Companies may face £17m fines for lax cybersecurity

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    27,718
    Thanks
    0
    Thanked
    1,720 times in 595 posts

    Companies may face £17m fines for lax cybersecurity

    After the government starts to implement the EU’s NIS directive in the UK, from 10th May 2018.
    Read more.

  2. Received thanks from:

    Millennium (30-01-2018), Saracen (31-01-2018)

  3. #2
    Senior Member
    Join Date
    May 2014
    Posts
    902
    Thanks
    53
    Thanked
    114 times in 75 posts

    Re: Companies may face £17m fines for lax cybersecurity

    This should have been effected and put in place many years ago; however, back then cybersecurity wasn't as much on the radar as it is now.

    I wonder if a company can be clocked by the GDPR and this side by side, in which case it could be financially crippling.

  4. Received thanks from:

    Millennium (30-01-2018)

  5. #3
    Senior Member
    Join Date
    Jun 2005
    Posts
    1,062
    Thanks
    652
    Thanked
    96 times in 82 posts
    • Millennium's system
      • Motherboard:
      • Asus Z170 Pro Gamer ATX
      • CPU:
      • Intel i5 6600K @ 4.5GHz 4 core
      • Memory:
      • Corsair VPX 3000 DDR4 (16, 4*4)
      • Storage:
      • 500gb 850 Evo sata3 SSD, 2*2TB Green 5900 Raid 0
      • Graphics card(s):
      • MSI 390 8gb
      • PSU:
      • toughpower 1kw
      • Case:
      • Zalman Z3 Plus
      • Operating System:
      • Windows 10 64bit
      • Monitor(s):
      • VIEWSONIC VG2401MH 144hz (Solid)
      • Internet:
      • Origin ADSL Broadband, not really recommended.

    Re: Companies may face £17m fines for lax cybersecurity

    Quote Originally Posted by Tabbykatze View Post
    This should have been effected and put in place many years ago; however, back then cybersecurity wasn't as much on the radar as it is now.

    I wonder if a company can be clocked by the GDPR and this side by side, in which case it could be financially crippling.
    It needs to be done though. Far too many companies, large and small, have terrible data protection practices. We need the legislation here, arguably even more, to keep people safe in the digital age.
    : n(baby):n(lover):n(sky)|>P(Name)>>not quite

    how do you spend your time online? (Hexus link)

  6. Received thanks from:

    Saracen (31-01-2018), Tabbykatze (30-01-2018)

  7. #4
    Registered+
    Join Date
    Oct 2017
    Posts
    81
    Thanks
    0
    Thanked
    3 times in 3 posts

    Re: Companies may face £17m fines for lax cybersecurity

    How much will the government agencies get fined, or are they exempt, with it being public cash they waste?

  8. #5
    Member
    Join Date
    Feb 2013
    Posts
    113
    Thanks
    0
    Thanked
    4 times in 4 posts

    Re: Companies may face £17m fines for lax cybersecurity

    Minimising the impact - don't store in plain text.

  9. #6
    Senior Member spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    953
    Thanks
    62
    Thanked
    203 times in 143 posts
    • spacein_vader's system
      • Motherboard:
      • Asus B85M-G
      • CPU:
      • i5 4460 3.2GHz
      • Memory:
      • 4x4GB Crucial DDR3 1600
      • Storage:
      • 128GB SSD, 256GB SSD
      • Graphics card(s):
      • Asus RX-480 Dual OC 4GB
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Antec Mini P180
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Origin Fibre Max

    Re: Companies may face £17m fines for lax cybersecurity

    Quote Originally Posted by Tabbykatze View Post
    This should have been effected and put in place many years ago; however, back then cybersecurity wasn't as much on the radar as it is now.

    I wonder if a company can be clocked by the GDPR and this side by side, in which case it could be financially crippling.
    They can. Should be fun.

  10. #7
    Senior Member
    Join Date
    May 2014
    Posts
    902
    Thanks
    53
    Thanked
    114 times in 75 posts

    Re: Companies may face £17m fines for lax cybersecurity

    Quote Originally Posted by spacein_vader View Post
    They can. Should be fun.
    Ooft, my money is on Talk Talk being breached again

  11. #8
    RGB Champion Ttaskmaster's Avatar
    Join Date
    Nov 2013
    Location
    Reading, UK
    Posts
    4,406
    Thanks
    142
    Thanked
    470 times in 393 posts
    • Ttaskmaster's system
      • Motherboard:
      • Asus X99-PRO
      • CPU:
      • i7 5960X o/c to 4.summat
      • Memory:
      • 16GB Corsair DDR4 somethingorother
      • Storage:
      • Samsung Evo 120GB and Seagate Baracuda 2TB
      • Graphics card(s):
      • Gigabyte G1 GTX980Ti
      • PSU:
      • EVGA Supernova G2 1000W
      • Case:
      • Phankecks Enthoo Luxe perspex window
      • Operating System:
      • Win10 64 Home
      • Monitor(s):
      • Acer Predator XB270HU 1440 IPS GSync
      • Internet:
      • BT 0.7Mbps 'In The Sticks' version

    Re: Companies may face £17m fines for lax cybersecurity

    Well, we're going out of business, then.......!!!!

  12. #9
    Senior Member Xlucine's Avatar
    Join Date
    May 2014
    Posts
    1,360
    Thanks
    203
    Thanked
    100 times in 85 posts
    • Xlucine's system
      • Motherboard:
      • Gigabyte Z97MX Gaming 5
      • CPU:
      • i5 4690K @stock
      • Memory:
      • 16GB @2133 11-11-11-27
      • Storage:
      • Crucial MX500 1TB, Crucial MX100 512GB, 2TB hard disk
      • Graphics card(s):
      • EVGA 980ti
      • PSU:
      • Seasonic S12G-550
      • Case:
      • Silverstone TJ08-E
      • Operating System:
      • W10 pro
      • Monitor(s):
      • Viewsonic vx3211-2k-mhd, Dell P2414H
      • Internet:
      • Virgin 150 mb fibre

    Re: Companies may face £17m fines for lax cybersecurity

    I've already seen adverts for hardware-encrypted hard drives boasting about how you don't need to notify anyone if you lose it.

  13. #10
    Senior Member
    Join Date
    May 2014
    Posts
    902
    Thanks
    53
    Thanked
    114 times in 75 posts

    Re: Companies may face £17m fines for lax cybersecurity

    Quote Originally Posted by Xlucine View Post
    I've already seen adverts for hardware-encrypted hard drives boasting about how you don't need to notify anyone if you lose it.
    That's not quite right: if a hard drive is stolen with sensitive information on it, then the data controller does have to notify that the data has been lost, but that it was encrypted and secured.

    However, if the hard drive is stolen with sensitive information on it, and it is technically the only copy, then that is the same as it being stolen.

    Basically, any company saying something like that should not be trusted. The GDPR is too serious to just be brushed off like that; organisations and companies are scrambling to get themselves secured. Basically, the reason I say the above is that it is the responsibility of the organisation to prove that the data was encrypted or pseudonymised. With those little hardware-encrypted hard drives, I would be interested in how they allow an organisation to "prove" that the data was encrypted at point of breach. Because if they can't prove it, fine time.
    Last edited by Tabbykatze; 31-01-2018 at 08:57 AM. Reason: clarification of encryption and GDPR

  14. #11
    Senior Member chrestomanci's Avatar
    Join Date
    Sep 2004
    Location
    Reading
    Posts
    1,593
    Thanks
    91
    Thanked
    93 times in 77 posts
    • chrestomanci's system
      • Motherboard:
      • Asus AMD AM4 Ryzen PRIME B350M
      • CPU:
      • AMD Ryzen 1600 @ stock clocks
      • Memory:
      • 16Gb DDR4 2666MHz
      • Storage:
      • 250Gb Samsung 960 Evo M.2 + 3Tb Western Digital Red
      • Graphics card(s):
      • Basic AMD GPU (OSS linux drivers)
      • PSU:
      • Novatech 500W
      • Case:
      • Silverstone Sugo SG02
      • Operating System:
      • Linux - Latest Xubuntu
      • Monitor(s):
      • BenQ 24" LCD (Thanks: DDY)
      • Internet:
      • Zen FTTC

    Re: Companies may face £17m fines for lax cybersecurity

    Why the stock image of the Sellafield nuclear site? What has that got to do with cyber security? If you are looking for a vaguely relevant stock image to use, I am sure you can find one of the GCHQ donut.

  15. #12
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,207 times in 2,281 posts

    Re: Companies may face £17m fines for lax cybersecurity

    This is a good start, but as I understand it, this legislation applies only to "operators of essential services", not the vast majority of commercial operators. It's about securing "critical infrastructure", not protecting data security for consumers.

    While I entirely back measures to ensure critical infrastructure is protected, and frankly it's disgraceful that, first, it's taken this long, and second, it took an EU directive to get it in place, I would personally like to see FAR more aggressive legislation and action protecting consumer data. Any company that goes out of its way to acquire data on us should face crippling fines if it fails to take adequate precautions to secure it. If that means a company or two get fined out of existence, great. It'll motivate the others.

  16. #13
    Member
    Join Date
    Aug 2003
    Location
    Wirral
    Posts
    168
    Thanks
    3
    Thanked
    6 times in 5 posts

    Re: Companies may face £17m fines for lax cybersecurity

    I wonder how all the NHS hospitals are going to respond to this?

  17. #14
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,466
    Thanks
    138
    Thanked
    293 times in 235 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC

    Re: Companies may face £17m fines for lax cybersecurity

    Quote Originally Posted by Saracen View Post
    I would personally like to see FAR more aggressive legislation and action protecting consumer data. Any company that goes out of its way to acquire data on us should face crippling fines if it fails to take adequate precautions to secure it. If that means a company or two get fined out of existence, great. It'll motivate the others.
    I'm curious about what you would like to change. Personally, I think the UK's implementation of the GDPR is good.

    For others reading this, PII = personally identifiable information. Think of it as any data about a person, such as an email address, political affiliations, home address or even your name.

    It requires:
    Companies to know what PII they hold and where.
    Only store PII that is necessary for them to do business (i.e. stop storing all other PII)
    Secure that data using "state of the art security"
    Mandatory data breach notification to the regulator within 72 hours.

    Fines can be up to 2% of global turnover for lesser offences or 4% of global turnover for more serious breaches.

    For example, Google, with its approx. $90 billion turnover, could be fined $3.6 billion.

    Companies that make no profit can still be hit with huge fines.

    "State of the art" is used as a description for security as mandating controls tends to be out of date by the time legislation is passed.

    Finally, this is a simplification for the sake of remaining brief.
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  18. #15
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,466
    Thanks
    138
    Thanked
    293 times in 235 posts

    Re: Companies may face £17m fines for lax cybersecurity

    Quote Originally Posted by Stu C View Post
    I wonder how all the NHS hospitals are going to respond to this?
    The same way they always do.

    Massive panic. Draw up loads of irrelevant process and paper forms for everyone to fill in every time they think about touching technology. Staff then ignore the overbearing processes as they are a complete waste of time.
    Rest of country continues to worship the religion and fiscal black hole that is "our great NHS" and point out that the front line staff are wonderful as justification that the rest of the organisation is also somehow wonderful. Then NHS continues killing grannies and rationing treatment because they "need more funding"
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  19. #16
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,207 times in 2,281 posts

    Re: Companies may face £17m fines for lax cybersecurity

    Quote Originally Posted by badass View Post
    I'm curious about what you would like to change. Personally, I think the UK's implementation of the GDPR is good.

    ....
    First, an informed, explicit, written consent before ANY PII can be held for longer than is needed to provide whatever goods/services were contracted for, and after that, it can ONLY be used for complying with legal requirements on record-keeping, like accounting, auditing, tax requirements, unless that explicit, informed and written consent is given.

    Second, consent can be withdrawn at any time, after which data will cease being used for any non-mandatory purposes, including but not limited to all marketing, data warehousing and especially data analytics.

    Third, a more granular level of permissions, especially where sensitive data is held, like medical data, or political opinions.

    Fourth, for such sensitive data, any consent automatically expires after a defined period, say, three years, unless consent is explicitly renewed.

    Fifth, under NO CIRCUMSTANCES will sensitive data be transferred to ANYBODY other than the persons to whom it was originally supplied, without explicit consent.

    Sixth, under NO CIRCUMSTANCES WHATEVER will such data be transferred outside of the direct jurisdiction of the regulatory authority under which it was supplied i.e. currently, EU Data Protection courts and, post-Brexit, the UK courts.

    Seventh, some of the possible punitive fines being applied where firms don't take adequate precautions and, for repeat offenders, punitive to the point of bankruptcy.

    Eighth, for illegal cold-callers and spam marketers .... execution by means of the death of 1000 cuts.

    Okay, I'll accept I'm probably pushing my luck with 8. But I can hope.
