PrivSec Data Protection & Infrastructure’s audience enjoyed a day packed with sessions dedicated to key issues driving the data protection and infrastructure debate.
Ivana Bartoletti, Technical Director at Deloitte and Founder at Women Leading in AI Network, got the morning’s talks underway with “Protecting privacy and ensuring data flows”. The panel of experts discussed the importance of collaboration and communication when it comes to data flows. Carlo Vreugde, Data Protection Manager, Netherlands Government, said:
“As a DPO there’s a lot of privacy issues to work on, but there are loads of technicalities and working with the Chief Information Security Office is necessary.”
Carlo added that talking to one another to see what tools are available helps with progress in protecting privacy and securing data flows. He also said that it is more evident that an agreement between the UK and US is needed for the future of privacy and data flows to “facilitate transparency with consumers.”
Ransomware was a hot topic on the agenda today. In the “Ransomware Jail. Is There Any Way Out?” session, Rich Fenton, Principal Data Architect, Pure Storage, explained that years ago it was much easier to spot ransomware attacks; as technology has developed, however, attacks have become more sophisticated. Fenton explained:
“We see hackers use WhatsApp messages, tailored emails with personal details and these are more credible ways to attack systems. The difference we see now is that once the hackers gain access, they don’t start encrypting their data straight away, but they harvest credentials and take time to study your systems to then break in through your back up systems, where your primary data is stored. Once ransomware is delivered, you can either pay them or restore your data to zero, which is a scarier method than it used to be before…”
So how can we defend against these attacks? Fenton answered that educating users about these attacks is vital, in addition to informing them of antivirus, filtering and detection, and looking at user behaviour.
“Your last line of defence is critically encrypting your primary data and being able to go back to your back up to restore in case of an attack.”
Fenton added that since the pandemic, ransomware has accelerated more than ever before: “The biggest change is the amount of ransomware increasing due to working from home. As more people are working from home-based devices, the threat of ransomware is more active than ever.”
The subject of ransomware continued into the next session, “Getting to grips with the very real threat of modern ransomware and its impact on organisations.” Fenton explained that businesses need to be more prepared for the possibility of a ransomware attack, as opposed to being unprepared.
“Understanding what mitigation you can put in process and how quickly and agile you can do that will make the process a lot easier,” said Fenton.
Lesley Holmes, Data Protection Officer, MHR Global, explained that unfortunately when it comes to businesses and ransomware, “a lot of people are not willing to pay a price to protect their consumers’ data and will take the risk of thinking that that will never happen to them” and quite often businesses are unaware they have been a victim of a ransomware attack until after.
Fenton offered one tip to help businesses with future ransomware attacks: “There are two key pillars on how to ensure you can recover from a ransomware: having an immutable copy of your data which is impossible to be deleted, and having the possibility for you to restore that.”
During the “Data Management and Protection as a Service (DPaaS) to improve business continuity within your organisation” session, Martin Fletcher, Consultant, DQM GRC, explained that the key role of a DPaaS is “to be able to provide that outside advice to businesses, look at continuity plans and identifying what we have seen has been working well with other organisations. And on top of that, providing an element of scrutiny.”
Ronnie Kaftal, EMEA SE Director, Metallic, added that “what organisations need to think about when planning their recovery plan is: how do I continue to operate? How to keep the service up and running? And DPaaS can help with building that continuity plan.”
When asked by an audience member about how COVID-19 has altered the DPaaS landscape, Tash Whitaker, Global Data Compliance Director, Whitaker Ltd, answered: “What I’ve seen recently is that thanks to remote working, I’m far more involved within my clients’ business communication, as we have access to the same online platform and conversations are much more sustained around Data Protection policies and strategies. On top of that, just in the last 6-9 months I’ve seen my clients double up, as the demand to protect from data threat increased.”
Missed a session? No problem - all sessions will be available on demand on grcworldforums.com