PrivSec Global’s audience enjoyed a first day packed with sessions dedicated to key issues driving the data protection, privacy and security debate.
Stewart Room, Partner, Global Head of Data Protection & Cyber Security, got the morning’s talks underway with “How to Prevent Credential Stuffing Attacks While Managing Risk and Trust - Sponsored by CyberSixgill.” The panel of experts debated the defense techniques that could be used by organisations to guard against threats.
Mr Room said: “In terms of impact, when we look at some of the big cyber problems, in the ransomware zone, emailware zone, credential stuffing is right in the middle of it.”
Laura Landes-Gronowski, French lawyer, Paris Bar, Partner – Head of IT, Data protection & Cybersecurity department, Agil’IT, explained that “Credential stuffing attacks are a major issue, but not the only one. With increase of remote working, security of info systems, which were already vulnerable, has become more than ever a question of strategy.”
To illustrate the magnitude of the problem of cyber security, Bradley Tosso, Assistant Information Commissioner, Gibraltar Regulatory Authority, shared the statistics that 170 million attacks occur in a day, in addition to an alert issued by the FBI that 40% of cybersecurity incidents were tied to credential stuffing.
“It’s not going away. It is a growing risk. It’s something we’re going to have to increasingly work on.”
Bradley Tosso, Assistant Information Commissioner, Gibraltar Regulatory Authority
Delivering his keynote speech, Ciaran Martin, founding CEO of the National Cyber Security Centre, stressed that ransomware is in fact getting more dangerous:
“The reason why I am so obsessed with ransomware is not really just about the money…it’s that for 20/30 years we’ve all been glamourising, ‘Hollywoodizing’ if you like, the cyber threats as this great theatre of war between states. Actually, we’re the closest people to getting hurt or killed due to cyber attacks, because ransomware attackers are disrupting fuel supplies and healthcare in particular.”
He added that it was plausible that ransomware hackers have overreached, with their attacks “now on the front page of every newspaper in the world,” such as the Colonial Pipeline attack.
Regulatory Developments in South Africa were discussed, with Sasha Beharilal, Compliance and Regulatory Manager, MWEB, saying “Privacy is a human right. This is the first piece of legislation in SA that is giving rights in the data subject.”
When sharing insights on whether South African regulators would be strict or not, Russell Opland, Data Protection Officer, Law Firm, said “We may not be likely to expect a soft govern approach, but coming out the gate running at full speed.” Beharilal added “You want to make examples. Frighten people into compliance. Because we’ve been waiting for it for so long, waiting to hold businesses accountable.”
Nerushka Bowan, Founder, LITT Institute said “The regulators’ hands have been tied. Post POPIA, those powers come to force. I do think there will be examples made in those first 3 months,” adding that fines would shake things up and show that the regulator “really mean business.”
Peter Hill, Director, POPIA Pty Ltd, said “The key issue is going to be the impact on organisations responsible party who needs to think about the personal liability and what could be the consequences for them.”
When asked about the differences between POPIA and GDPR, Nerushka answered that the notification of data breaches was a key difference: “POPIA is much leaner in that it just says if you have reasonable suspicion that could give rise to a reporting obligation. The threshold is much lower in terms of what you have to report.”
During the Vaccine Passes session, Savera Sandhu, Partner, Newmeyer Dillion, explained “Individuals are going to be concerned that if they have simply their vaccination record on-hand through an app, that somehow that may also trigger the information that is leaked out and connected to by hackers on individuals…”
Subsequently, individuals have gone to social media to raise their concerns and post about their privacy and social rights: “It’s a question of whether or not, it’s a violation of human rights, one can make the argument that those who are not economically or educationally available or are understanding, will be hindered from activities and travel. So one can make the argument that if you’re sitting as a socio-economic class that can’t get access to it readily or doesn’t know about access, then yes.”
Eric Piscini, Global VP, Payer and Emerging Business Networks, IBM, stressed that for Vaccine Passes to be passed, “We need to trust that the custodian of the data, the provider or the doctor etc, are doing the right thing to protect this information…this is the first layer of trust. The second is how do we access this information and store it on your phone and make sure the information is protected.”
“The third layer is that we need to make sure that when we share the information from your phone to someone else, that transfer of information is also protected and secured.” This can be done through the verification of blockchain.
Diversity and Inclusion was a hot topic on the agenda of Day One. In the “Women and Diversity in Cybersecurity: Why Are We Still Having this Conversation?” session, Renata Vincoletto, Information Security Manager, Abcam, explained that although young girls tend to be better at science, in the absence of female role models, girls don’t see their future in maths or science.
Debbie Evans, Group Data Protection Officer, Rentokil Initial plc, asked the question “Cybercrime is a fascinating area, why just leave it to the men?” Evans went on to add that she was interested in behaviour, and cybercrime has so many facets to it. “I see myself as an individual who has lots of skills and qualifications, irrespective of gender.”
Vincoletto stressed that young girls need to know that it doesn’t matter who they are or where they are from, the industry needs anybody.
“When children are told to draw scientists they draw a man with messy hair. This distancing of girls from cyber security, it begins at childhood.” Children’s opinions are largely shaped by the media, and it is vital that we see “change at the top, among industry leaders. More women talking about this subject with passion.”
Day two at PrivSec Global delivers another packed agenda of keynotes, presentations and panel debates. Livestreaming and available on-demand, attendees can access exclusive content covering a range of themes.