PrivSec Global’s audience enjoyed a second day of sessions dedicated to key issues driving the data protection, privacy and security debate.
Kicking the day off with a talk on Third Party Risk Management: Cybersecurity Expertise into Board Governance and a Company’s Digital Defense, the panellists discuss cybersecurity in the boardroom.
Anu Kukar says, “Regulators worldwide have come out and said an organization is responsible for the risk management of third parties.”
Omer Carmi from Cybersixgill says, “I’m seeing too much of everything… when you are trying to take the concept of too much data into third party risk, you start to realize that you have a problem, and you realize you have to do it in an automated, fast way.”
On the topic of privacy culture within workforces, Steve Wright discusses Culture Horizon, a new survey from Privacy Culture that measures culture within an organisation. Vivienne Artz says, “Privacy is the new normal” and must be automatic.
“The challenge is around understanding the landscape of your business and be able to recognise through the questions of the survey, where you need to focus,” says Vivienne Artz.
After filling out the survey, Sue Taylor from Provident Financial Group says it was clear that some departments in her organization wanted to be more enlightened on privacy.
Discussing South Africa’s privacy legislation, POPIA, and the transition from non-regulation was a panel of subject matter experts.
Zanele Mazibuko says globalisation and digitalisation have made access to data much easier and ultimately led to the development of privacy laws such as POPIA.
Ian Jacobsberg says that, since the start of the long delay in POPIA’s implementation, the regulator hasn’t been inactive; it has been preparing for the law to become effective.
Rian Schoeman says the regulator “gave us a good idea of how they are going to operate.”
Nicole Gabryk says, “if we remember, the POPIA act is based on the GDPR predecessor, the Directive,” she adds, “what it didn’t take into account was the liability of operators.”
Gabryk adds, “we must now regulate our liability with operators in our agreements.”
Discussing Artificial Intelligence was Andrew Sellers from QOMPLX and his fellow panellists.
Kicking off the discussion, Sellers rightly says, “I don’t think we can have a security discussion about AI without discussing its limits.”
Preston Bukaty says, “people treat technology like the weather, like it’s a tool we have to live around.”
He adds, “The laws are starting to think around a risk-based approach… but sometimes it feels like the regulators are a couple of steps behind us.”
Disputing the belief that legislation is the key, Yasmin Hinds says, “one of the things that concerns me is around trust. For me, it doesn’t start with legislation but inherently.”
Expanding on this she says, without trust and integrity coming from within the organisation, “there will always be a public misconception that something else is happening” in regard to AI tools.
Talking about the hot topic of Multi-Factor Authentication and the Roadmap to an Organisation’s Increased Security was Bernadette Sarazin from Fasken, who was joined by a panel of cybersecurity experts.
“MFA is not a silver bullet,” says David Doret. As Danna Bethlehem defined it, MFA is all about “overcoming the weaknesses and vulnerabilities of passwords.”
As Daniel Ayala explains, MFA is very robust in terms of security, as “even if something you know has been stolen, it’s harder to steal something you have… we have changed that now to something you have installed on something you own.”
Continuing, Danna Bethlehem says, “if a token is stolen then remember it is two factors, they would need the service that you are logging into as well as a password.”
David Doret adds, “implementing zero trust is a journey. Two of the key steps will be the implementation of identity and access management set of processes… and then the implementation of MFA and then perhaps the implementation of password MFA.”
Day three at PrivSec Global delivers another packed agenda of keynotes, presentations and panel debates.
Livestreaming and available on-demand, attendees can access exclusive content covering a range of themes including:
- Divergence in GDPR and the Financial Services Industry
- Keynote from Max Schrems
- Russia’s State-Led Cyber Espionage and Influence Operations
- Confidential computing
- Role of the CISO