The EU’s General Data Protection Regulation (GDPR) compliance deadline of 25 May 2018 did not cause the end of humanity as predicted. What should have happened is that organisations would embrace changes to data protection brought in by the GDPR and take the time to reconnect with their information assets, truly understanding their purpose and value.
One thing that happened in 2018 that was not predictedIt was not predicted that December would see news of some of the biggest data breaches, with lost records this month alone in the hundreds of millions. Is there anything left to lose? Also, who could have predicted that the Financial Conduct Authority (FCA) would get involved in a data protection issue, or that the Information Commissioner’s Office (ICO) would use non-data protection legislation (Computer Misuse Act) to secure a conviction .
One thing that should happen in 2019 but probably will notBusinesses in 2019 should align security strategy to business objectives, destroy the security silos, embrace neuro diversity , make security risk a business risk, take the talking spoon off the techies, reconnect with the information, reprogram thinking to respect and value their staff, fully understand the concept of defence in depth protecting information appropriately, build technical security solutions that are contextual and user supportive, write policies that are outcome-based instead of rule-based, introduce decent role-based, culture-enhancing education, and stop getting breached.
CW Security Think Tank contributors’ wish list for 2019 Prioritise multifactor authentication in 2019. Let’s get back to basics in 2019.
