TechRepublic's Dan Patterson sat down with Caleb Barlow, IBM Security Vice President to discuss how in a post-GDPR world threat actors and hackers are able to operate anonymously. The following is an edited transcript of the interview.
Dan Patterson: Take me 12 weeks down the line, maybe 18 weeks. Usually we'd look at events like the GDP, and we're able to at least forecast a little bit. But things might get a little crazy; you mentioned spam already. What's else can consumers and can business anticipate in the short term? When the hype is gone, but while we still live in the shadow of GDPR.
Caleb Barlow: Well there's a couple of things that we're all kin do looking at with GDPR. One is when do we start to see actual cases and incidents, both incidents that happen at companies get filed cos now they've got a 72 hour window, and what do those look like? How often are those occurring?
SEE: Getting ready for the GDPR: An IT leader's guide (Tech Pro Research)
I think the second thing we're all going to be interested to see is when do we actually start seeing enforcement if any of these rules are broken? What does that enforcement look like?
And then the third thing is, remember, there's a human adversary on the other side of this. And that's what people often forget. What is that adversary's next move. Now we can guess and anticipate, and our guesses right now today, a few days after GDPR, they're actively and aggressively going out and establishing a new foothold in new domains. The difference this time is they're able for the first time to do it with complete anonymity.
Now they'll probably sit on those domains for about three to four months before they'll launch their attacks because as new domains pop up, companies like ours, we got—we scan them, we look at them. We look for malicious activity; they'll kind of wait, make them look like normal websites, and then they'll strike.
And the difference now when they strike is normally a campaign might only last a few hours to a few days, as they're sending out millions of spam messages. In the future, two or three months from now, those same campaigns may last 30 days or more before the security committee is able to rally to close them down because of this increasing attack surface due to the privacy that the bad guys now enjoy.
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.