Big brands and industry heads spoke at PrivSec Global today, allowing a global audience to get to the forefront of discussion on data protection, privacy and cybersecurity.
In a highlight morning discussion, a panel of experts explored emerging challenges in cybersecurity, focusing on the SolarWinds hack and the high-profile clients that were deeply impacted by the event.
Patrick D. McNally, Esq, Litigator, Former Senior Government Advisor, described the current threat landscape as “continuously changing”, with threats being “heightened by the pandemic.”
Offering guidance, Adi Chordia, Group IT Compliance leader, said:
“First steps are to build a culture of data privacy. Still in cyber, even though high impact incidents have happened, lack of criminal education training, it can definitely impact your ops and supply chains.”
“Train the business leaders and the board on the things that need to be done to deal with cybersecurity. Start from the top from a policy perspective with information security policy, data protection policies etc. We need to create a cyber security policy as a separate entity to these; they all require different mindsets, toolsets and skill sets.”
Laura Jones, Chief Privacy and Compliance Officer, Constella Intelligence, emphasised how powerful companies have “been thrown into crisis with all kinds of geopolitical shocks; billions of breached identity records.
“What we’ve seen in 2020 is 30% increase in leakages and exposure. Our analysis shows that some of the most affected companies were US, Japan, India, UK. Seeing spike in prices for PII, certainly we’ve seen a spike in crypto. We have seen cyber criminals explode our anxieties and target individuals.
“Brands have a critical role to play to understand risk and honest look at how they may already be exposed. We need as corporations to train our employees, we need to hammer our employees, friends and families to ensure they are not targeted,” Laura added.
In the afternoon, another panel of experts deep-dived into the potential for cybersecurity risk to stem from those on the inside. From employees accidentally clicking on malicious links, to sabotage, theft of data and unauthorised access, companies have plenty of potential internal threats to consider.
Yanya Viskovich, Chair, Cybersecurity Risk & Governance Working Group at Swiss Cyber Forum, described it as “The unwelcome gift that keeps on giving – anything that potentially poses a risk to a company.”
“But you also need to realise that an acceptable risk to the company is not necessarily an acceptable risk to the data subject. Resilience is relative,” Yanya said.
Senior Risk Manager, Iva Goel added:
“You need to consider different types of risk. Regulations we have these days address the access that employees have, so it’s critical how we approach cyber threat.
“In terms of what to look for regarding insider threat, when you look at the triad of any system (technology / processes / people): people are aligned to the processes. If the processes are strong enough then people should not have access to certain data.”
Delving into how responsibility for mitigating risk needs to be shouldered throughout a company, Yanya said:
“It’s about organisational culture and corporate leadership. Those companies that demonstrate corporate leadership are typically proactive on this issue, as opposed to reactive. Culture determines the processes in any organisation, and values determine the culture. In companies where they are consistently approaching this seriously across all departments - these are the companies that are better able to manage and mitigate risk.”
Also in the afternoon, updates to international data regulation came into focus in the keynote “Practical Ways to Operationalize Schrems 2 and International Data Transfers”, sponsored by OneTrust.
Speaker Chris Paterson, CIPP/E, CIPM, Privacy Solutions Engineer, OneTrust, looked into international data transfer updates that have left many organizations wondering what needs to be done to achieve compliance.
“Most organisations will have to carry out third-country and transfer impact. The accountability principle is emphasized: take a risk-based approach and show your work. ‘Practical experience’ of the importer can be relied on in certain cases.”
Regarding challenges that exporters face, Chris focused on evaluating the risk of transfers, dealing with large volumes of transfers and documenting reasons for the transfer’s validity.
Importers, on the other hand, must prepare for large volumes of enquiries, and must showcase work that has been done while responding to custom assessments.
“OneTrust can support through information exchange, Vendor profile, Vendor documentation and Transfer Impact Assessments (TIAs),” Chris underlined.
Don’t miss day two at PrivSec Global, where two content streams will address the latest talking points, themes and challenges shaping today’s privacy and security landscape at this pivotal time for corporate data protection.