16th e-Crime & Cybersecurity DACH: Virtual Edition
14th January 2021
Digitalisation is not optional; the Cloud is unavoidable; business transformation is survival. Can CISOs maintain control?
The judgement of the Court of Justice of the European Union in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (Schrems II) is a wake-up call. Max Schrems’ privacy group, Noyb, has already filed 101 complaints with regulators across all EU member states against companies with major European websites using code from Facebook or Google, both of which transfer data to the U.S. for processing. And in the first sign of major action from an EU regulator, the Irish DPC has sent Facebook a preliminary order to suspend data transfers to the U.S.
Facebook has responded that if standard contractual clauses (SCCs) cannot be used for data transfers then “in the worst case scenario, this could mean that a small tech start up in Germany would no longer be able to use a US-based cloud provider. A Spanish product development company could no longer be able to run an operation across multiple time zones. A French retailer may find they can no longer maintain a call centre in Morocco.”
But as businesses are effectively forced into the Cloud by WFH, COVID-driven digitalisation and the broader expectations of customers used to dealing with the FANG five giants, questions of cybersecurity and privacy are pushed to the fore. The nature of cybersecurity, how much control businesses have in choosing levels of cyberrisk to accept, and the extent to which in-house CISOs and on-premise security are relevant to the overall security posture of large companies, are up for debate.
According to Verizon’s DBIR this year, Cloud assets were involved in 24% of breaches, with applications a key issue. 40+% of those breaches came from web apps, which are rapidly overtaking desktop as the top source of breaches. These and other third-party vendors present a real and growing problem for organizations in terms of visibility, complexity and security.
And basic asset management is still a problem. According to the DBIR, half of all companies are present on seven or more networks. Yet getting visibility into your entire asset footprint and understanding your extended attack surface is crucial.
So 2021 will be the year in which companies must come to terms with their new digital infrastructures, break down silos, increase visibility and get a grip on Cloud, SaaS and other third-party security challenges.
The 16th e-Crime & Cybersecurity DACH will take place online and will look at how cybersecurity teams, risk management functions and boards are tackling the key issues. As digitalisation goes critical, is this finally the moment at which traditional cybersecurity management has to change?