Last week’s EU referendum was the most important political decision of the UK in many decades. In the aftermath of a surprise result, the past few days have been tumultuous with the resignation of Britain’s Prime Minister, a plummeting of the currency and stock exchange values, turbulent situations for both main political parties, and renewed pressure on the breakup of the UK itself. The full consequences of the EU decision is largely unknown at this point. As these dramatic events unfold, Britain and Europe are clearly in a state of flux and much about the future remains uncertain.
Dire warnings predict that the UK will be more vulnerable to cyber attack after Brexit. In the past few years Europol has been increasingly effective in preventing cyber crime. The EU had begun to make real headway in meaningful cyber security intelligence sharing. The European Cybercrime Centre (EC3) co-ordinates cross-border law enforcement activities against cybercrime. It is the core of cybercrime information sharing and I have been impressed by their progress. Brexit excludes the UK from these formal bodies. UK individuals who have worked closely with their EU counterparts must continue to foster these relationships under the new order.
EU data protection regulations are more stringent than existing UK legislation. All companies (including those outside the EU) that handle data on EU citizens will need to adhere to the General Data Protection Regulation (GDPR) which comes into effect in May 2018. The GDPR sets a high standard in data protection and it makes sense to follow it regardless. Implications of GDPR include:
- Organisations need to notify authorities and affected users in the event of a breach of personally identifiable information (PII).
- Organisations must obtain explicit consent to store and use private data.
- Individuals have a right to request erasure of personal data held on them, under certain conditions.
- Personal data needs to be portable in the sense that individuals are able to transfer their personal data from one electronic processing system to another.
Cyber attackers work without borders and are quick to take advantage of uncertainty and changing conditions. As the landscape changes, no doubt, new opportunities for cyber attack which will emerge.
As a data security company SentryBay continues to closely monitor how the implications of the Brexit vote pan out, but we do not expect there to be significant negative impacts on our ability to service our existing partners and attract new European customers. We anticipate that EU exit negotiations will result in an arrangement that maintains the current favourable status of economic trade between the UK and EU. We also do not expect significant impacts on our ability to attract top talent – our company hires only the elite of the infosec world and there are rarely barriers to the movement of the most talented that can’t be circumvented. No doubt there will be volatility ahead such as a possible exit from the UK of some financial firms, but UK infosec firms that are resilient and adaptable will be able to cope.
Information security will become even more important in our altered future. Our advice is to adapt, keep calm and keep secure.