GDPR: Who is responsible for what?

The EU General Data Protection Regulation (GDPR) and the Network Information Security (NIS) directive are already causing a flurry of activity among businesses. The question of who is ultimately responsible for cybersecurity seems to be attracting particularly intense discussion. According to a recent study by Palo Alto Networks, cybersecurity is the responsibility of the CIO in 50% of companies, compared with 30% for the CISO. This is a surprising finding, especially considering that the role of Chief Information Security Officer implies this task. Whether this changes is probably more a political than a technical matter. At least around 30 percent of respondents believe that the CISO or CSO should be responsible for cybersecurity. The current situation points to long-established and seldom-adapted rituals in the distribution of responsibility within companies.

Regulation for IIoT is on its way – but is it enough?

Two of the biggest technology trends today – IoT (Internet of Things) and M2M (machine-to-machine) communications – are changing the business world beyond all recognition.

Companies of all sizes, from major manufacturers to small- and medium-sized service companies in all sectors, now have a golden opportunity to derive new revenue streams from managing and servicing their customers’ equipment remotely.

According to leading industry analysts, the IoT market already accounts for hundreds of billions of dollars in 2017 – a figure that is set to be in the trillions by 2021. But new research reveals IoT is also a major headache for enterprises everywhere because of limited information and inadequate security measures. Legislators in the U.S. and in Europe are working to bring in standards compelling designers to do more to make their devices secure. But the signs are that even then they may be limited in scope. The good news at least is that remote connections can be reliably secured using virtual private networks (VPNs) so that M2M communications remain private and confidential.

How to Lose User Confidence and Jeopardize Security

Using up-to-date security software is pretty much at the top of recommended defense measures. Anti-virus and anti-phishing software filter out daily attacks from network communications. However, it is important that users can trust this software to intercept malicious software, harmful links, and other threats no matter who they come from. Threats may originate from criminals but also, increasingly, from government organizations. Users also expect that data remains stored confidentially on their devices, especially considering that security software has the capability of viewing and intercepting data. The Russian antivirus company Kaspersky recently made headlines for exactly this reason. US authorities claim that Kaspersky stole top-secret software from a government employee’s PC and delivered it to the Russian intelligence service. This included exploits for previously unknown vulnerabilities.

Smart buildings need cyber-resilience built-in

The Internet of Things (IoT) and machine learning are coming together to bring about a sea change in how we use buildings, at home and at the office. Smart infrastructure makes domestic households more energy efficient and allows companies to optimize their real estate. Almost every large enterprise and government organization is currently working on smart infrastructure projects at some level. It’s no surprise that the market for smart buildings is expected to increase four-fold by 2021. The pursuit of greater efficiency and convenience, however, introduces new risks. Many IoT devices and management systems still run on legacy software and lack any kind of security standards. This makes them vulnerable to attacks by hackers. The answer is to build in cyber-resilience from the beginning, starting with securing all connection points using virtual private networks (VPNs).