Industry thought-leaders and subject matter experts came together today for the first day of #RISK Digital, taking global audiences on a deep-dive into today’s changing risk landscape.
The landmark ruling invalidated the EU-US privacy shield and changed the way organisations managed personal data transfers overnight.
Joseph said:
“As organisations become increasingly data driven…we’re using more data; we need to become more data driven to remain competitive. But with this race to use more data, also come consequences.
“There’s an increasing number of regulations surrounding data transfers, including the sale and sharing of data… this poses a big challenge for businesses because if you can’t adapt, you’re faced with a decision: you must either stop transferring data or tolerate the risk.”
“Data subjects now are more aware than ever that their data has value. So, if you fail to respect their privacy, either yourself or through the use of third parties or non-compliance, you’ll ultimately lose their trust. Trust is gained in drops and lost in buckets.”
Following on, corporate security measures fell under the spotlight, with #RISK Digital experts examining what “reasonable” means when it comes to security teams taking a risk-based approach to combating threats.
Determining what is reasonable is no easy task, sometimes requiring input from several departments and careful resource allocation. But getting this right is a crucial element of demonstrating a company’s compliance.
Panel host Dr. Vasileios Karagiannopoulos, Co-Director of Centre for Cybercrime and Economic Crime, University of Portsmouth, asked how resistance to security measures can be managed within an organisation.
Sunette Runhaar, Insider Threat Awareness Lead, Uber, said:
“When we look at insider threat, we can’t just look at security measures and specifically focus on cybersecurity measures. How we manage our people, our workforce, how we balance their trust, how they feel about their loyalty and happiness towards the company are all critical components for any security programme, because preventing insider threats from happening in the first place is just as important as putting cyber defences into place.
Touching upon company focus on trust programmes, Sunette said:
“Enough trust is good, because obviously, we’re all grown adults in the working environment and we don’t want to feel like we’re being micromanaged. But too much trust will tend to be abused, because as we all know, human beings are constantly looking for shortcuts. If we can find a way to do something faster, and it means less work for us, of course, we’re going to take the easier route, even if it’s less secure.
“So that’s when you have to bring in your control programmes, things like zero trust. This involves very basic elements like USB restrictions, access control, not just to documentation, but also to physical spaces, maybe within your office buildings. Anything that restricts someone’s ability to freely share information or freely share access within an environment is what we would refer to as a control programme.”
Itai Sassoon, Co-CEO, Commugen, said:
“At the end of the day, as security professionals, we are not trying to create the best security programme out there, but something that will be reasonable and adequate to the business goals that we have.
“The business needs to keep on making money, and we need to make sure that that’s happening in the most secure way. So, one of the things we see are organisations that are trying to make those policies and those measures as objective as possible and also this is connected to trust.
“So, it’s not that somebody is picking up on me and requesting me to do something as an individual employee, but this is the organisation’s policy being executed in an objective and well defined way. And in many cases, automatic tools are helping tremendously with those kinds of things.”
Commenting on the increased use of the zero trust approach, Amardeep Ginday, Identity & Access Management Analyst, commented:
“In very simple terms, trust no one, verify everything. Zero trust is very popular and it’s very important. In the news we see how much data has been stolen, data breaches within companies and how hackers have held them to ransom. This is all down to the trust that’s been given within the company.”
“When it comes to zero trust, it’s about making sure that there is some sort of stringent verification process in place for someone logging into the network, users getting access to an application, and then it’s about how you’re looking at the level of access that is within the application or within the company: is it administrator access? What is the approval behind someone getting that access? What will they be accessing? What is the monitoring behind that as well?”
Later in the day at #RISK Digital, industry leaders turned their attention to EU anti-money laundering laws.
Rutger Veenstra, Compliance Officer, Anker Insurance Company, underlined his belief that AI is necessary in the fight against money laundering in the Netherlands due to a shortage of AML professionals. The banks in the Netherlands are increasingly utilising artificial intelligence to address this issue.
The Dutch Central Bank, the regulatory authority in the country, is also becoming more accepting of AI measures as they recognise it as the only effective way to combat money laundering, particularly given the labour shortages, Veenstra explained, before implying that the use of AI in anti-money laundering efforts is observable in other European countries as well.
Touching upon the impact of AI in relation to money laundering compliance regimes, Claire Maillet, Director of Financial Crime Operations, Ziglu, said:
“Everyone knows that the financial crime landscape is always changing. I think if we weren’t to use AI in some shape or form, it would be naive and dangerous on our part as professionals in this space.
“I think over the last few years, people have wanted to go fully into the tech and to automate everything. But I think now people are starting to see again that AI can be very scary. You need to have a balance between AI and human intervention, particularly when it comes to things like ethics because as far as I’m concerned, you can’t necessarily teach that in an AI world; everyone’s morals and ethics are going to differ.”
Don’t miss day two of #RISK Digital, when an exciting line-up of sessions will unpack themes such as risk management, compliance as a competitive advantage, sustainable business practices, the ESP imperative, and much more.
Register today and join the live debate
Missed a session? All the livestreams are available to watch on-demand.
Related Events Coming Up in 2023
Technology is at the center of every core business process within modern organizations and #RISK Amsterdam is a content rich Expo centred around seven key themes:
| DATA PROTECTION & PRIVACY | SECURITY | ESG | PEOPLE | GRC | WELLBEING | FINANCIAL CRIME |
|---|
#RISK Content Zones include Privacy & Data Protection, ESG, Security, Financial Crime, Fraud, Loss Prevention, and Governance, Risk and Compliance.
At the inaugural #RISK in November 2022 we discovered that our attendees were visiting as groups and even using the event as a meeting point to catch up with colleagues from different departments.
Our mission is to continue to build on the success of #RISK 2022 and provide a platform that allows organizations to address the cumulative nature of risk, unite disparate GRC specialties and create a compelling ‘deep dive’ agenda led by subject matter experts and thought leaders.
No comments yet