The current pandemic has a significant impact on our lives as well as on the operations and activities of countless enterprises. Online presence has become the main premise of social and commercial interactions, from basic education to the provision of different goods and services. Adapting to the new reality needs new solutions. Companies have already begun to apply measures, such as anywhere operations which enable work from diverse locations and the management of business services across distributed infrastructures. Even distributed architectures and autonomous decision-making processes are currently being tested and employed to allow continuous operations and undisrupted consumer experience.
However, the network is still vulnerable. Fraudsters and other cybercriminal groups are working to take advantage of the new situation. For example, a single hacker managed to disrupt and postpone surgeries at the University Hospital in Brno, and thus threaten the health and life of innocent patients. On the other hand, as so-called data breaches are published almost every day, it is clear that unsupervised IT infrastructures pose further threats. Theft of personal data processed by multinational companies without efficient organizational and technical measures to protect them, or access to vast amounts of information stored in data cemeteries, have become everyday news. And there is always the human factor. Unprepared or ignorant employees are especially targeted by criminals.
The digital world, the digital business and the digital self need stronger protection. Data protection and data governance systems are only the basis, which needs to be built in parallel with the relevant technical measures. These include, for instance, privacy-enhancing computation technologies to secure personal data. The use of services of trusted third parties, or homomorphic encryption, may enhance the protection of privacy and information in the system. Furthermore, the utilization of AI technologies to protect the digital environment has become prevalent. These applications are commonly used to detect data leakages and other threats. In this respect, a certain race against time is taking place, since cyber criminals and their targets, the companies, rush to develop and apply better and more intelligent technologies to exploit deficiencies on the one hand, and to provide better security on the other.
This is where information security and data protection experts play a significant role. They shall cooperate to provide complex and comprehensive, effective and resilient solutions. Their effective cooperation may provide the company with the necessary tools to find or develop, apply and maintain the most up-to-date technologies that prevent unwanted events, or – in case an incident occurs – help to control and mitigate its consequences, to maintain business continuity, and to provide remedies to individuals whose interests, rights or freedoms may have been violated. Technical and legal standards, such as the GDPR or the CCPA, are frameworks that, when implemented properly, serve as the basis for effective protection. On the other hand, self-regulation and private initiatives are also important in this sector. Companies, with proactive help from information security or data protection experts, are ever more willing to commence and commit themselves to different programs where additional or – in many cases – non-conventional security measures are applied.
Thus, information security and privacy protection experts will have an even more prominent role in the future. With open-mindedness, creativity, innovation and cooperation, these fields will contribute to an ever more secure new world. Furthermore, these experts ensure that the humane element of the new technologies shall not be disregarded, and that the principles of transparency and accountability, ethics and compliance are met at every stage of the application of the technologies. Only this way will the distance that separates us bring everyone effectively together.
(CEO of Kerubiel Consulting Ltd.)
GDPR envoy and the Privacy Spokesperson of ISACA HQ
CISA, CISM, CGEIT, CRISC, CISSP, CEH, OSCP, C|CISO, OSCE, CSA, CCSE, OSA, MCDBA, MCSE Security, Certified Expert witness (DS, ICT)