7 takeaways from the European Information Security Summit

The European Information Security Summit (TEISS) took place in London last week and Jonathan Martin, Cyber Security & Cloud Department Manager, Networkers, was there to hear the latest developments within the world of information security. The largest summit of its kind in Europe, the two-day event was crammed with new information and infosec insights. For those who were unable to attend, Jonathan shares his key takeaways from the event below.

1. Pressure is building on firms to become GDPR ready

As expected, the upcoming GDPR legislation was the main theme. With an increasingly large number of vulnerabilities being exposed in every IT system, whether from cyber-attacks or through someone physically stealing devices containing data, the race to become GDPR compliant before the legislation takes effect is very real. Yet with the looming date of 25th of May 2018, there are still many unanswered questions around what ‘compliance’ looks like.

2. GDPR not only the responsibility of IT teams

This year’s event was largely made up of IT, CISO and Risk and Governance Managers, but it was well noted that the audience should also include CEOs, COOs and MDs, as they are the people who are able to influence company-wide policies, which could better prepare businesses for the new regulation. The event highlighted that the GDPR legislation is not just an IT issue but needs to be seen as a business issue, and top management support is required to equip all staff with essential knowledge about data protection.

3. How to train your staff to be a firewall

Every staff member has a duty of care to protect the data their organisation holds. According to research from Intel Security, 43% of data breaches and security hacks are caused internally by employees acting irresponsibly or unwittingly meddling with the company’s data and systems. So, all staff members need to be trained to understand the risks of data mismanagement to minimise ‘own goals’.

4. New roles are emerging

While every employee within a business creates and stores data, it seems that often nobody really takes ownership of it. In some large organisations roles such as Data Protection Officers are emerging, giving individuals responsibility for looking after data management processes. This is a role which is likely to become more prominent in the increasingly regulated world of data. At the same time IT Security Analysts, Risk Managers and Governance Managers are going to be required in increasing numbers to look at organisations’ existing structures, policies and procedures. However, as yet investment in these roles seems all too scarce.

5. SMEs struggle to prepare for GDPR

GDPR compliance is relevant to organisations which have over 4,000 pieces of data. Whilst this may sound like a lot to the man on the street, IT professionals will know this is a relatively low amount; in fact I probably have 4,000 pieces of profile data on my work computer alone!

Whilst larger organisations have the funds to buy secure systems and hire staff such as DPOs, smaller organisations are going to struggle to make these changes in time for the new legislation, not only putting them at risk of cyber-attacks but also fines for non-compliance.

6. How much risk can companies afford?

A few speakers openly stated that most companies in attendance at the event won’t be GDPR compliant in time. For this reason, they must focus on protecting the data which is most sensitive and most at risk and be able to show that they have put steps in place to protect data. Companies will need to establish what an acceptable level of risk is and Risk and Governance managers can help with this.

7. Using third parties to hold your data does not make you exempt

As more and more companies store their data through third parties in the cloud, the responsibility of keeping the data secure does not shift. Supply chain managers will need to be savvy on GDPR compliance before choosing vendors and third parties, to ensure that they are GDPR compliant.

The event as a whole reinforced the idea that although an increasingly large number of individuals and organisations are aware of the information security precautions their businesses must take, there is still a tendency to talk and not act. Companies must see the impact of this in driving their business outcomes and not just expect IT to “deal with it!” There is also going to need to be a real push on resourcing for the challenges, but as yet the large majority of organisations are “making-do” rather than hiring.
