As encrypted traffic across the internet increases at an astonishing pace, it is becoming increasingly difficult to distinguish legitimate traffic from malware.

As Enterprise Innovators wrote some days ago:

Malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity. To reduce adversaries’ time to operate, security professionals said they will increasingly leverage and spend more on tools that use AI and machine learning, according to the 11th Cisco 2018 Annual Cybersecurity Report (ACR).

The problem if you are a European citizen or a company operating on European soil? Well, it is GDPR, or General Data Protection Regulation, the new privacy framework that any company with European citizens as customers will have to follow from May 25 this year.

The point here is that one of the main tools available for identifying threats in encrypted traffic is UBA, User Behavior Analytics.

As the same article explains:

92% of security professionals said behavior analytics tools work well. Two-thirds of the healthcare sector, followed by financial services, found behavior analytics to work extremely well to identify malicious actors

You may wonder what UBA is and why it is important.

Search Security explains:

UBA collects various types of data, such as user roles and titles, including access, accounts and permissions; user activity and geographical location; and security alerts. This data can be collected from past and current activity, and the analysis takes into consideration factors such as resources used, duration of sessions, connectivity and peer group activity to compare anomalous behavior to. It also automatically updates when changes are made to the data, such as promotions or added permissions.

And here is where the policies dictated by bureaucrats in Brussels meet reality. Under the GDPR framework, employees have a much higher degree of protection when it comes to their behavior.

According to AnalyticsinHr, employees will have the right to know the following:

  1. how long the employer aims to keep the data;
  2. whether the data will be used for automated decision-making;
  3. whether the employer intends to transfer the data abroad, and if so,
  4. which safeguards will be provided in that context.

In addition, employees will also have, under certain circumstances, “the right to be forgotten” and ask for the deletion of their data.

As a result, it is highly probable that the practical collection of much of this data will collide with GDPR. The use of UBA as a useful discipline within AI for avoiding cyber attacks and malware may therefore be seriously impaired.

Will European companies and states become easier prey for hackers and cyberattacks thanks to an ill-designed legal framework? It seems highly probable.

The consequence? We may see an even higher number of European startups within the realm of AI and cyber security move to the USA or Asia (read China). We may also see a greater and less efficient allocation of resources to cyber security in Europe.

Altogether, it may lead Europe to lower economic growth and give a lower standard of living to Europeans.
