Cyber-Security & GDPR... an odd couple?
Last week I attended the Cybersecurity Strategy briefing hosted by Incisive Media & Computing magazine. Topics included: choosing the right cyber defense strategy; cyber insurance; increasing cyber security awareness through psychological levers; and GDPR compliance.
The common thread here is customer data: collecting it, processing it and safeguarding it within a changing regulatory environment and a huge ramp-up of cyber threats. We were also joined by sponsors Darktrace and their Head of Technology Dave Palmer, who entertained us with stories of what can go wrong out there in the big bad world and how they are using AI to spot cyber threats before they can be exploited.
There was an insightful presentation from Russel Wing, the Head of Information security at the London Metal Exchange, who covered the topic of Cyber Defense strategies and the latest trends of cyber-attacks. He covered 5 key capabilities we need to get right to significantly reduce risks, the benefits of using a cyber-security framework such as NIST, 27001 or CSC20 (he recommended NIST) and the need to get "very very good at detection and response".
Brian Cave from the Chartered Institute for Securities and Investment talked through the psychological levers being used to ensure staff are fully aware of their role in protecting the enterprise from cyber threats.
Followers of the EU's GDPR regulation, which comes into force across the EU in May 2018, will be aware of the potentially huge fines that can be levied for non-compliance: up to 20m Euros or 4% of annual worldwide turnover. 100% compliance is probably unrealistic, but taking this seriously, doing the assessments and having robust processes in place to report and recover from breaches is key, and likely to ameliorate the situation with the regulators.
By following the process to assess GDPR readiness, making data maps of where personal customer data is held, taking steps to protect this and understanding who has access to it and how data is shared internally and externally, we can surely reduce the risk of the nightmare scenario where customer data is harvested by external cyber hackers or internal staff. I'm particularly interested in the latest technologies being used to identify potential fraud such as account takeovers, a topic I'll come back to in later posts.
Bringing together GDPR, cyber defense strategies and addressing staff awareness via training, simulated phishing etc. has to be a good thing, to my mind. Well done Computing, and to Graeme Burton for chairing a useful and thought-provoking morning session!
#GDPR #Cyber #Computing