There were a lot of insightful talks from the PrivSec London conference last week – here’s our pick of some of the most important points on the topic of cybersecurity.
Representatives from Microsoft provided some real eye-openers, such as: everyone’s passwords may almost certainly be compromised. This is why it’s so necessary to enable Multi-Factor Authentication on everything you can – otherwise you’re at real risk!
Meanwhile, 60% of data breaches are due to human error. E-learning as staff training for compliance is often quickly forgotten and doesn’t change behaviour – only 23% positively impacted employees – so training needs to be aligned with people’s business needs and personal values and ethics, and team meetings need to be held soon after it to decide what to change. Culture comes from the bottom up, not the top down; leadership needs to be distributed, not hierarchical, as nobody can keep up with all the changes across these areas.
From a different session, a cybersecurity consultant said that 90% of the cybersecurity issues that lead to him being called in are caused upstream, in other systems and in configuration/patching issues, plus poor information security procedures and standards, yet the ever-spiralling (and very ineffective) cybersecurity spending in companies is misdirected downstream at the impacts of those causes. He almost always finds serious negligence by lunchtime on day one when starting with a new client.
There are huge skills gaps in cybersecurity – 1-2 million jobs going unfilled – and far too few women are getting into that area for many reasons, which doesn’t improve the success of the sector either.
Achieving GDPR compliance while using AI, Big Data and location data is really difficult: it’s hard to get genuine user knowledge of, and consent for, the future uses that might be made of that data, and to fulfil user rights demands around that data. In fact, even anonymised versions of these kinds of data can often be de-anonymised by the uses companies put this data to. Location-enabled apps gather all kinds of data about you and often share that information without your knowledge.
Our thanks to the following guest speakers at PrivSec London 2020:
- Steve Wright, Partner, Privacy Culture Ltd, previously DPO for Bank of England, also John Lewis and Unilever
- Baroness Neville-Rolfe, EU Committee member
- Sheila Fitzpatrick, Fitzpatrick & Associates
- Dave Horton, Solutions Engineer at OneTrust
- Shaab Al-Baghdadi, OnlineDPO; Emily Johnson, Microsoft; Bill Karazsia, Fortive; Joao Torres Barreiro, Willis Towers Watson
- Charlie Wijsman, Accenture Global Data Privacy Lead
- Damine Larrey, Microsoft; Dominic Johnston, Epiq Global; Damian Murphy, Lighthouse Global
- Alberto Quesada, Global Head of Group Data Management, BNP Paribas
- John Richardson, DMA, and formerly the Telephone Preference Service; Giorgia Vulcan, EU Privacy Counsel for the EU DPO Office, Coca-Cola; Or Lechner, Luminati Networks; Marie Bradley, Adam & Eve; Magali Fey, Anonos
- Ben Hawes, Benchmark initiative
- Joan Keevil, Professional e-Learning Expert, SAI Global
- David Clarke, Founder, GDPR Technology Forum; Beth Brookner, Privacy Counsel and Data Protection Officer, GVC Ladbrokes Coral; Steve Windle, Incident Response Lead for Europe & Latin America, Accenture; Cosimo Monda, Director, Maastricht European Centre on Privacy and Cybersecurity; Simon Hall, Privacy Consultant & DPO Coach, AwarePrivacy
- Stuart Aston, National Security Officer, Microsoft
- Greg Van Der Gaast, Head of Information Security, University of Salford
- Meera Narendra, Journalist, Data Protection World Forum; Dr Shavana Musa, Legal Consultant and Academic, The University of Manchester; Victoria Guilloit, Partner, Privacy Culture; Ally Pinkerton, Group Head of Information Security Governance & Assurance, Group Information Security Office, Bupa