Important lessons about Cyber Security and GDPR from IP Expo Europe 2017

10/10/2017 MHC

On 3rd – 4th October 2017, MHC attended IP Expo Europe at London’s ExCel, one of Europe’s biggest enterprise IT events, to explore some of the latest IT innovations and to gain senior-level insights from across the industry.

This year, the expo was a very busy and buzzing one, with an estimated 300+ exhibitors and 300+ free seminar sessions to attend. Attending from MHC were Consultant Matthew Taylor and IT Support Analyst Isaac Gibbons, who have listed some of the key findings from their visit below.

 

Customer data at the heart of GDPR

GDPR (which comes into effect in May 2018) is still a key topic and was highly visible at the expo. This was evident from the number of vendors showcasing services and products that promote themselves as solving some of the pain points of complying with the regulation. It was also noticeable that, once upon a time, cyber companies would focus and specialise in certain areas of cybersecurity, whether it be file integrity management, encryption, threat management, monitoring, etc. Now, the current trend is for these services and products to be provided “under one roof”, so that a single vendor can deliver a full service from one control panel. This can be valuable for standardising ecosystems and for simplifying monitoring, so that security breaches are identified quickly by comparing normal and abnormal data traffic to spot zero-day issues, which is a key area of GDPR.

GDPR is frequently featured in the mainstream media and has raised the general public’s awareness of personal cyber security. Several high-profile cyber-attacks and data breaches have also increased the importance of skills development and knowledge in IT security.

 

Importance of personal cyber security awareness

Guest speakers, such as Professor Brian Cox OBE and Security Software Ambassador Garry Kasparov, reiterated the need for everyone to take responsibility for their own digital footprint. The internet is full of unfriendly foes who have no shame or remorse about stealing your identity and potentially ruining lives. How much information you reveal about yourself online directly correlates with how easy it is for personal data to be maliciously used against you. Thus, the main mantra on personal cyber security awareness for every individual ought to be: “Not everything needs to be shown in public”. When you leave your home, you don’t put a sign on the door stating you are on holiday, but online, the story is very different. This applies especially in the current digital economy, as the majority of online users are now highly social media literate and are happy to share personal details online without paying closer attention to the privacy or security settings of the different social media platforms they actively engage on.

 

Great lessons to be learned from high-profile security breaches

The worrying fact from a string of high-profile breaches (such as the recent Equifax breach) is that you cannot always rely on the timely disclosure of a breach once one has occurred. In the Equifax case, the credit rating firm experienced a cyber security breach in July 2017, which resulted in confidential data of about 143 million US customers and 400,000 UK customers being stolen. The firm only proceeded to warn its UK consumers in September 2017 after being prompted by UK authorities.

The longer the delay in disclosing a security breach, the longer your details are passed around the internet, where hackers, malicious organisations and governments can potentially use them to access any other account. In the case of Equifax, it took over 3 months before a public disclosure. This shows that it is extremely dangerous to reuse the same password for multiple websites, especially ones that hold your financial or personal details. GDPR will force disclosure within 2 weeks of a breach being identified; however, without the right security controls in place, it’s nearly impossible to know whether a breach has taken place. This highlights an important link between being GDPR compliant and having the right security controls in place if your organisation is holding customer data. To read more about GDPR and the implications of this regulation, please read MHC’s previous article on the topic through this link, authored by our in-house solicitor Chi Onugha. Below you can see some images from our visit to the expo.