There seem to be two main trends currently in cyber security marketing. GDPR or Ransomware. Here are my musings.

GDPR is generally not a security play in the traditional sense. All security aims to make the customer more secure, GDPR wants you to be more secure, realistically you can crow bar anything into this. Regardless of how relevant it is. Two main areas in technology seem to be key, encryption and reporting. The main element being how do you protect data at rest. GDPR legislation is far more about policy and process than it is about product. My rule of thumb is, if your technology deals with data at rest, it is much more likely to be a GDPR play. You do not have to have a breach to suffer at the hands of GDPR, it can easily be insider threat or an accident.

Ransomware, first up there are two types, the established type of encrypting files, the new type of amending a process. Here it is key to notice that deleting, distributing or releasing data is not part of the attack. This is about down time. The fact is someone must get into your system for this to be an issue. There is a key different here. My rule of thumb here is if you stop people getting in, or help clean up after a disaster, this is for you.

Encrypt/ monitor/ report – GDPR

Perimeter, end point, back up/ DR – Ransomware

Please marketers don’t jump on a band wagon just because it is driving past. The best marketing doesn’t jump on a band wagon but create their own. Next Generation Firewalls springs to mind…