Matchlight Expands into the European Market

Next: Our Recent Trip to the UK: Kicking Off...
Previous: The Failures of Protecting Consumer Privacy: Our Takeaways...
Writer Danny R.
March 05, 2018

Danny is one of the founders of Terbium and is known around the office for his extended soliloquies and pontifications about the security industry. He blogs about global trends and the importance of knowing where one's data is on the dark web.

Today we announced two major partnerships that will help us bring Matchlight’s data intelligence capabilities further into the European market. MMOX, based in The Hague, and adyton, based in Munich, both bring deep experience providing intelligence to European enterprises in The Netherlands, Germany, Austria, Switzerland, Belgium, Luxembourg, and beyond. We are excited to partner with both organizations to help bring Matchlight’s dark web insights to European organizations.

The dominant news for European information security this year is, obviously, GDPR, or the General Data Protection Regulation. GDPR is an immense new law that takes effect this Spring for any business that operates within the European Union. It is a complex and far-reaching law that pushes businesses to adopt best practices in securing personal data and be forthcoming and transparent about data breaches. It puts harsh penalties in place for non-compliance, including massive fines of up to 4% of global annual turnover. It also expands the definition of personal data and holds accountable not only primary data controllers, but the contractors with whom they deal to process that data.

To us, GDPR represents a template for improving security across the entire internet, and other governments around the world should (and likely will) follow suit in the coming years. It creates accountability for companies like Equifax that collect personal information of individuals but have little incentive to properly secure it, since those individuals affected by the breach are not, in fact, their customers. This situation—common in today’s data-driven internet economy—creates the perfect example of an externality requiring regulatory intervention, and we and others have been calling on governments to further employ regulatory solutions to help make the internet more secure.

In the meantime, there are two aspects to GDPR, specifically, that we find most interesting. First, the regulation requires companies to employ industry best practices in securing data and monitoring (and promptly disclosing) data breach activity. Obviously, dark web monitoring and intelligence about specific personal data held by a company are key elements of a state-of-the-art information security posture. However, GDPR contains a catch - sharing that sensitive personal data for intelligence purposes can potentially open up an organization to further liabilities under GDPR itself, since liabilities extend beyond data controllers themselves to contractors that process data on their behalf.

This is where Matchlight’s patented data fingerprinting technique comes in handy. Our method is perfectly positioned to be able to provide European (and other) organizations intelligence on their specific data on the dark web, a key element of GDPR compliance, all without opening them up to further liability. It’s the perfect pairing, and we’re excited to get it out into the European market in time for GDPR to take effect.

We’ll be writing a lot more this year about the European market and about GDPR, so stay tuned! À bientôt!

RELATED ARTICLES
events February 28, 2018
Our Recent Trip to the UK: Kicking Off the First CyberThreat 2018 Summit

Terbium Labs attended the first CyberThreat event, hosted in the UK and intended to bring together Europe's technical cyber security community.

events February 05, 2018
Asking the Right Questions at Wonder Women Tech Global Summit

At Terbium Labs, we believe in asking the right questions. Last week, at DC's Wonder Women Tech Global Summit, we asked everyone who came to our booth, "what would you most hate to lose?"...