Day two of PrivSec Global brought more thought-leaders and industry experts together to discuss the issues defining the privacy and security landscape.
Regulation Technology (RegTech) and business resilience through the pandemic were among topics explored during 12 hours of exclusive presentations, keynotes and panel debates.
The morning sessions began with a review of the regulatory landscape, post Covid-19.
Sarah Sinclair, Co-Founder, Change Gap, said:
“One of the barriers to adoption of technology is that some of the products trying to solve issues within the RegTech space are legacy products themselves, so that creates more challenges.
Commenting on the potential for a reduction in FinCrime, as the pandemic comes to an end, Marius-Cristian Frunza, Founder, Schwarzthal, said:
“Definitely there is a need for a culture change to adapt to these new realities. With respect to regulation, larger companies are far more aware of the regulatory risk now.
“From a risk management point of view, a change in culture is really needed to cover the gap between regulatory compliance and risk management. In order to make the approach more comprehensive, this gap needs to be eliminated,” he added.
Assessing the impact of RegTech on the effectiveness of anti-financial crime measures, compliance and anti-money laundering (AML) specialist, Anjali S Menon, said:
“From a compliance officer’s point of view, RegTech has made life a lot easier. If you look at basics like KYC verification – when that was done manually, we had no idea about whether or not our approaches were accurate.
“For me, verification processes have gone up, the levels have increased, there’s so much time and money being saved. Criminals are so creative now, they can easily doctor documentation.”
Commenting on the benefits of the adoption of RegTech, in the AI space, Avere Hill, COO & Co-Founder Cynopsis, said:
“Besides efficiency and effectiveness, there has to be a cost-benefit of going from a manual to a digital environment. Increasingly, through the implementation of RegTech, the quality of data and reporting coming through has escalated.
“The use of AI and ML – being predictive of the data pool – we’re seeing major benefits here. Instead of 100,000 alerts and then having to sift through them, the application of the thin layer of AI can greatly reduce that pool.”
In the afternoon, focus fell on phishing and the ways in which fraudulent messaging attacks are becoming increasingly sophisticated. Our experts looked at how we can reduce risk of falling victim to such activity.
Yin Mei, PerScholas.org, said:
“If there are opportunities for specific work devices to be delivered remotely, I’d encourage individuals to use separate devices. Having email detection and making sure that emails are not being sent to personal emails, but to work-based emails – this is important.
“Training and testing can be done, rewarding individuals to conduct certain tasks, to educate themselves,” Mei added.
Professor Mark Button, Director of the Centre for Counter Fraud Studies, School of Criminology and Criminal Justice, University of Portsmouth, said:
“The culture among staff is one of the central things, you need a culture of scepticism around clicking on links and emails. You probably need training, fake tests, etc. to see who does click on “fraudulent” links or emails. Driving these numbers down through these kinds of strategies is central to developing this culture.”
Chris White, Head of Cyber, Cyber Resilience Centre for the South East, said:
“Invest in your people. The ICO recommends that all new employees have specialised cyber training within one month of joining the company.”
PrivSec culture was another core theme of the day, in response to a growing industry imperative for departments to improve communication to optimise the relationship between data protection with data security.
Dr. Eric Hollis, CEO/President, HollisGroup LLC,
“I think leaders should initially try to be transformational from a cybersecurity perspective – they should be able to transform the mindset and actions of employees to adhere to working at a different level.”
“There have to be constant reminders of cybersecurity within organisations. Even though there’s plenty of software to help cybersecurity, the main point of weakness comes from human factors.
Fiona Hanrahan, Legal Counsel and Data Protection Officer, Shannon Group plc, said:
“A DPO does need to have knowledge of security, and the Security Officer should have knowledge of how data protection works. Every member of staff needs to be accountable with regard to securing data within the company.
“Policies need to be clear, concise and easy to understand for junior members of a company. They need to be reviewed regularly, with any updates from the regulatory landscape quickly adapted into policy.”