You can be forgiven for thinking the Information Commissioners Office (ICO) is limited in its ability to act following a data breach, when you find out that NATO can just decide to bomb the baddies!
Currently the ICO is only able to levy fines up to £500k (fortunately for TalkTalk and others), and is unable to actually help victims who must rely on other avenues for justice. It is therefore good news that the recent report on cyber security from the government has recommended custodial sentences for the perpetrators and financial consequences for the directors. This is in addition to the new European Union General Data Protection Regulation (EUGDPR) fines of up to 4% of global turnover. That will help increase prevention activity.
However, what you might have missed, in terms of responses and incentives to behave differently, is that NATO might stick a rocket in following a (major) cyber attack too! Yes it’s true, following a decision by NATO ministers, announced to the media on 14th June, to designate cyber as an official operational domain of warfare, along with air, sea, and land. That means NATO could potentially respond to a cyber attack with conventional weapons.
Of course (for those serious souls amongst you) I’m not advocating forgetting the ICO. They do a very important job and are a part of the solution, and I doubt a rocket launcher would be part of Dido Harding’s asset register anytime soon too. However it’s getting more like the Avengers and Thunderbirds everyday and puts into perspective the opportunities and challenges for information security professionals in 2016.
With a large number of threats now taking place through the supply chain you might want to take a look at my recent post about how to mitigate that third party threat to ensure you don’t have any double agents on board too;)