Imagine you’re an end-user client. Your whole firm is being thrown into the spin-cycle by digital disruption. Your business units are struggling with new customer demands. Your finance department and corporate treasury are having to integrate new payment channels, automate their AP/AR and use Big Data to work out what’s going on. Your board has consultants in – so a senior partner has sold them on an agile digital transformation and then shipped in a dozen 23-year-olds who know nothing about your business and expect to be taught on the job while racking up as many billable hours as possible not solving your problems.
And then someone says: “What about cybersecurity?”
No wonder it’s hard to market cybersecurity solutions. You’re essentially trying to sell a software package into businesses struggling with dozens of...
The big headline-grabber about the General Data Protection Regulation (GDPR), set to come into force in 2018, is the huge fine that can be imposed on companies that have failed to comply with the legislation. The GDPR, which replaces the 1995 Data Protection Directive, sets the maximum fine for a single breach of GDPR at the greater of €20 million or 4 percent of annual global revenue.
Either would be an eye-watering figure for most companies. But while the EU has displayed considerable teeth in the GDPR rules, which include reporting a fine within 72 hours and, for certain companies, appointing a data protection officer, there is no fine for actually being breached. A fine for the mere fact of a breach might be unfair, considering that some attacks are advanced enough to be, to all intents and purposes, unblockable.
Yet many modern attacks are telling by how easy they...
“It is critical to distinguish between, and address the needs of, both the cyber workforce and the general workforce,” said the International Information Systems Security Certification Consortium (known as (ISC)2), the largest US member organization for IT security professionals, in a letter released Monday to the newly minted U.S. CISO Greg Touhill.
“Accountability must be elevated several levels. If you don’t have the authority to hold others accountable, you cannot effectively address the problems. There needs to be clarity surrounding who is responsible for cyber incidents.”
“In the federal government, CISOs generally report to the CIO,” explained (ISC)2's Director of U.S. Government Affairs Dan Waddell in an interview Monday. That creates a “natural tension,” he said, because “the CIO is tasked to get these systems up and running … He or she is...