The cloud is a hot topic which is regularly on the minds of enterprises all over the world. The way we work, lead and build companies is changing, and it’s all thanks to the cloud. Malgorzata Zabieglinska-Lupa, ICT product manager, discusses the most important questions regarding the challenges and latest trends that will influence the security industry with Comarch’s risk and information security specialist, Ewelina Kornas-Zarzycka.
Malgorzata Zabieglinska-Lupa: What are the biggest threats facing security and risk management leaders?
Ewelina Kornas-Zarzycka: The world of IT security is rapidly evolving, and has become more challenging than ever before. This means that we must recognize and understand the trends, incidents and changes in the world, and their impact on IT environment protection. There are quite a variety of threats to IT infrastructure, and as you can imagine, there are many different means of obtaining information illegally. Organizations are susceptible to cyber-attacks, and a myriad of threats to IT infrastructure are an everyday problem. Among them are malicious attacks, specific security breaches, viruses and malicious software (spyware, adware and ransomware), and social engineering. It is essential to put in place proactive measures to limit these potential attacks. Implementation of an SIEM system is a key component of any effective security program, but it is only a beginning. Therefore, it is very important to consider implementation of processes such as security incident management, risk management, vulnerability management and compliance management.
On the other hand, organizations today vary in their level of IT maturity, and some may lack the ability to adopt new technologies and processes effectively. In such a situation, it is rational to use cost-optimum services provided by specialist companies.
Malgorzata Zabieglinska-Lupa: With in-depth analysis, a rapidly changing IT environment, risk management challenges, large-scale cyber-attacks and data compliance issues facing businesses today, what are the main challenges facing security and risk management leaders?
Ewelina Kornas-Zarzycka: The nature of risk management has evolved rapidly over recent decades, and every organization currently manages risk in some way. What we can say is that they increasingly recognize that risk management applies to both negative and positive opportunities. Each case requires a proactive approach, implying a process that includes a series of well-defined steps. If we understand the scale of the possible threats and opportunities, we can decide whether to accept the threat or opportunity, or act upon it in some way.
An important aspect of the risk management process is an awareness that it should be dynamic and responsive in a changing business environment. The global economy, recent political events, increased regulatory scrutiny, dependence on rapidly evolving technology, cyber-threats and concerns about privacy management are leading risk issues today. Risk management is a key aspect of the responsibilities of both management and security specialists, because it cannot take place in isolation and needs to be supported by a framework within an organization. It is worth emphasizing that risk management is changing rapidly, in terms both of the tools and techniques that can be applied and adjusted to our environment and our business needs. Furthermore, organizations are much more likely to invest additional resources in risk management so as to be ready to take on new challenges and to succeed.
Malgorzata Zabieglinska-Lupa: The General Data Protection Regulation (GDPR) comes into effect on May 25, 2018. We hear about it every day. Clearly, there is an urgent need for organizations to urgently assess their technology, practices and processes to prepare for it. Most of us have even started to tune it out, but with just eight months to get your entire organization ready, the pressure is truly on. What changes does the GDPR bring to clients?
Ewelina Kornas-Zarzycka: As we know, managing the use and protection of personal data in today’s information world is crucial. The deadline for GDPR compliance is rapidly drawing closer, and May 25, 2018, will certainly change the European privacy landscape. For companies and their clients, this means a number of changes. First of all, the GDPR emphasizes data subjects’ rights, such as access, correction, portability and deletion, rectification, objection to processing, no automated processing and profiling. Furthermore, companies have to implement adequate safeguards and controls around the collection, storage, protection and sharing of personal data. A well-organized incident management process should be operated, due to the necessity of reporting a personal data breach to the relevant Data Protection Authority within 72 hours.
All these actions mean that GDPR compliance will help prevent incidents and damage. Complying with the GDPR will also help companies build trust with clients and improve their relationship with them.
Malgorzata Zabieglinska-Lupa: Under the Directive, organizations are encouraged to implement protective measures corresponding to the nature of the data and the risks of processing it. We see increased focus on risk as a touchstone for regulation. How do we think about risk under the GDPR?
Ewelina Kornas-Zarzycka: There are a range of reasons why organizations undertake risk management activities; among them is ensuring compliance with legal and regulatory obligations. The GDPR requires organizations to take a ‘risk based approach’ to data protection that considers potential ‘harm’ to an individual. Therefore, it is crucial not only to understand what data the organization holds and for what purpose, but also to evaluate the risks to which individuals are exposed due to potential data breaches, and then to use mitigation techniques to control and minimize potential impacts.
Malgorzata Zabieglinska-Lupa: Innovations and digital technology are increasingly being adopted by businesses. That's why in recent years there has been a clear move away from traditional security measures towards new methodologies and best practices, in order to be better prepared for both current and future security challenges. What does the future hold for the security market?
Ewelina Kornas-Zarzycka: On the one hand, there are threats such as increasingly sophisticated forms of cyber-attacks, which, if successful, could threaten the continuity of business, lead to information leaks, reputation losses or even market outages. On the other hand, we find fast-growing technology, high-end solutions for analysis and monitoring IT infrastructure, and tools to help build our processes.
Malgorzata Zabieglinska-Lupa: One final question. I always wonder what attracted you to the security field?
Ewelina Kornas-Zarzycka: It is a very dynamically changing and, at the same time, a very demanding area, which requires constant improvement, following both trends and threats which take on more and more sophisticated forms. The role of security cannot be overestimated and being part of it gives you a lot of satisfaction.