The second day of PrivSec Dublin brought more top-level insight to data privacy practitioners in the Irish capital’s Conference Centre.
Following opening remarks by Lynda O’Leary, Systems Engineer at Hewlett Packard Enterprise, Tuesday’s talks began in the Cyber Security and Business Continuity Theatre. Here, David Shaw, CISO at Central Bank of Ireland, framed the mindset of successful cyber-security assurance.
“Security isn’t a destination, it’s a case of doing your best and putting in the appropriate controls to make a breach less likely, but not impossible, because there’s no such thing as an impossibility in this context,” David said, before detailing three factors that are needed as a foundation to Information Security Assurance, thus enabling organisations to demonstrate that security is improving.
“David’s framework for measuring this looks at three factors: Completeness – asking if all the necessary controls are in place; Coverage – asking if those controls cover all the problem areas, and Effectiveness – considering whether these controls actually work,” the day’s report revealed.
Cost as a building block
Dr Katherine O’Keefe, Director of Training and Research at Castlebridge, developed the long-haul mindset that GDPR success demands. She reminded audiences in the Data Privacy Theatre that sustained compliance can become more understood, and subsequently strategized, when real facts and figures are brought into the equation.
Katherine emphasised how costs need to be calculated: the potential cost of fines, IT consultants, technology and technology fixing, and the costs of business slowing down will each help companies to figure out the price of privacy.
Ethics, Katherine notes, play a leading role, because “a company that only makes decisions on the easy numbers will soon have no numbers and no business. Millennials are killing unethical business – there exists a very strong increasing demand for socially responsible business.”
In the Privacy, Security and Emerging Technology Theatre, HSBC’s Global Data Privacy Manager Dan Cope led a panel debate around the importance of an integrated approach to data privacy and security.
Discussions pivoted from a warning that industry often turns too readily to technology solutions to provide the panacea for cyber-security concerns.
“Technology is great as a roof, but it’s not the building,” Dan said, in reference to the architecture of organisational security.
Martin Gomberg, author of CISO Redefined, advised that any spending to obtain “state-of-the-art” security solutions should “be proportionate to the need and aligned to the risk”.
The panel members were unified in their assessment of risk when it comes to BYOD – Bring Your Own Device, or Bring Your Own Disaster, if you ask Joe Dignan. The founder of Kintechi elaborated on this by stating that “people are the biggest risk.”
“It’s virtualising of a device and multiplexing its uses. It doesn’t matter if you’re putting contain mechanisms on devices or on the cloud – these are things that are not in our control. If you can’t control it then don’t bring it in,” Martin Gomberg added.
Bernard Swierczyna, CISO at First Ireland Risk Management, said:
“BYOD is tempting because it saves money, but then you have to spend more in security. I’m absolutely against BYOD personally, unless you’re willing to spend the money and do it properly.”
“Do you have a behavioural use policy for the data that you have? We need rules around those things. Approvals or authorisations may be needed,” Martin continued.
Later in the day, the other side of the security coin was explored by Zoe Rose, Cyber-Security Consultant at Bariga Partners.
An ethical hacker, Zoe presented the hacker’s mindset to audiences in the Cyber Security and Business Continuity theatre, as “looking at something not in terms of what a mechanism is meant to do, but what you can make it do.”
Zoe laid bare the malicious hacker’s three primary motivators as: Ruin – the desire to destroy a reputation; Reputation – to elevate one’s own ego, and Riches – the desire to access financial gain, which is also the most common reason for hacking.
As a white hat hacker, Zoe described the ethical motivators as: Education – developing one’s own awareness and learning how to protect yourself online; Compliance, and Curiosity – the desire to change things to make life easier for yourself.
The key message of Zoe’s presentation was a message of encouragement to audience members to become hackers themselves – try to search for yourself online. A good place to start with this is OSINTFramework.com.
To see if your own email address has been caught up in a data breach, check out haveibeenpwned.com, the audience was told.
To reinforce your own safety online, Zoe explained: “Stay safer by limiting your scope, enable multifactor authentication, and make a conscious decision about what information you share online.”
PrivSec New York
After a hugely successful conference in Dublin, PrivSec Conference New York will explore the inextricable link between data privacy and cyber-security, taking in the US perspective.
Taking place at Columbia University on November 5th and 6th 2019, PrivSec New York will see a distinguished roster of guest speakers and representatives from global names including Uber, the New York Times, BNY Mellon and many more.
In-depth talks and panel debates held by a line-up of international experts will examine trends and technologies at the heart of the global data economy.
In an ideal forum for networking and sharing ideas, delegates can learn how enterprise is adapting innovation, collaboration and compliance to evolving data protection standards.