The global ransomware cyber attacks that affected more than 200,000 victims in 150 countries over the past couple of weeks have highlighted the vulnerability of organisations with regard to online security and data protection.

On May 25 next year the European Union's General Data Protection Regulation (GDPR) comes into effect, replacing a 1995 directive on data protection.

It covers a number of areas with regard to how organisations must manage user and customer data in the modern tech-rich landscape, including addressing the export of personal data outside the EU.

But it also crucially brings in stiff penalties for companies in breach of the regulation.

Once the GDPR is in, any breaches could carry severe penalties for organisations; with potential fines of up to 4% of worldwide turnover - or €20m - whichever is greater.

But are Irish and EU firms ready for this new regulation, and has the recent spate of cyber attacks shown up any glaring issues that need to be quickly addressed? 

RTÉ Business put these issues to some experts working in the sector to find out what they had to say:


Daragh O Brien, Managing Director of Castlebridge Associates


Jennifer Ryan, Senior Cyber Risk & Assurance Advisor, Integrity360


What is ransomware?

The ransomware attacks we have been hearing about recently have mainly targeted PCs running older versions of Microsoft Windows.

Victims have unwittingly granted the latest strain of the WannaCry ransomware access to their files by clicking on bogus links or opening dodgy attachments sent via email.

Once it gets in, the virus quickly encrypts files and a ransom note appears on the victim's screen demanding payment to restore access, otherwise it threatens to delete the encrypted data, with a timer counting down the hours to destruction.

While this is happening, the ransomware is also searching for other vulnerable computers on the infected PC's network, meaning other machines become infected without users letting the virus in.

That is how this latest strand of the WannaCry ransomware managed to spread so far as quickly as it did, and why companies and IT experts are so concerned.

And while the recent wave of attacks looks to be largely contained, cyber experts have warned there is likely more to come from this sort of threat.


Comment via Twitter: @AengusCox