At the beginning of 2018 we wrote about our predictions for the coming calendar year. Now, well over halfway through, could we really see into the future?
2018 has seen a raft of legislation and regulation changes over the spring. With the release of PCI DSS v3.2.1 and the GDPR coming into effect, the way in which all businesses handle data, and how this is evidenced, has changed significantly. At the same time, there has been a significant increase in high-profile data breaches, such as Dixons Carphone and Equifax. This raises the question: what will happen in the latter part of 2018?
1.) Data breaches will continue to hit the headlines.
The Facebook/Cambridge Analytica data breach made global headlines in March. A fine of £500k for Facebook was discussed in last week’s blog; however, this breach occurred prior to the GDPR coming into effect. If it were to happen now, it could result in a fine of up to £17m or 4% of global turnover, along with the huge reputational damage which saw the closure of Cambridge Analytica. There hasn’t been a significant breach yet, but with 2018 showing that data breaches are on the rise, and with apprehension about the stance the ICO will take, it is inevitable that when one does occur it will make the headlines.
2.) Companies will invest more in security and training.
In 2018, the UK government released the results of a survey into cyber security breaches. Almost half (43%) of companies reported at least one cyber-attack or data breach. It also identified that most data breaches were linked to human factors, yet only 20% of companies provided any cyber security training for their staff. In addition, every company that suffered a data breach was found not to be PCI compliant at the time of the breach. PCI DSS v3.2.1 now requires companies to evidence PCI compliance throughout the year. As card details fall under the GDPR, a breach could result in the fines and reputational damage discussed earlier. It’s clear that human error (either intentional or accidental) is a significant factor in data breaches, and companies will have to invest in securing that data and training staff to minimise the risk.
3.) Businesses will look to remove data where possible.
Of course, training and security will only work to a point. As James Barham said in Computer Weekly, “We expect 2018 to see a step change in the mentality of data protection from trying to keep people out, to simply ensuring there is no data for them to take.” When it comes to sensitive card data, solutions such as Agent Assist will not be able to reduce the rate at which attacks occur, but they will ensure that no card data can be seen or heard. This not only ensures PCI compliance, it also means the data cannot be taken, as the environment is out of scope. When you consider having to prove ongoing compliance throughout the year, with data breaches on the rise and with the real possibility of financial and reputational damage, we expect to see more businesses choosing to de-scope as much of their environment as possible.
So, could we see into the future?
With the increase in data breaches globally, it seems our predictions were right. The risk of data breaches within businesses has never been greater. Add to that increasingly tight regulations and requirements, and businesses are now asking the question: ‘can we justify and trust out-of-date systems?’
If the answer is no, get in touch with us to discuss how our suite of solutions can de-scope your contact centre, ensuring there’s no sensitive cardholder data to take.