Silks at Crown Sydney recently played host to a very memorable roundtable which brought together leading Australian cyber security practitioners to discuss, Protecting User Privacy in an Era of Great Turbulence.
The CSO Australia event – in association with Thales and Tech Data – provided a terrific opportunity for all attendees to share experiences and insights on important cybersecurity challenges organisations are facing today, with a particular focus on how maintaining and enhancing data protection processes can strengthen user privacy.
The conversation throughout the luncheon roundtable event moderated by Ed Kennedy, Editor of CSO Australia, illustrated the importance of ongoing dialogue within the Australian cyber security sector regarding the discovery, classification, and protection of data. Alongside this, key topics also discussed were who should have access and control, compliance requirements, and incident response mechanisms.
For Erick Reyes, Strategic Clients Director for Thales Australia, the dialogue surrounding the dynamics of data and risk, was particularly vivid.
“This event highlighted how securing data is critical in mitigating risk and providing control to an organisation’s critical assets.”
“A particularly insightful discussion point surrounded the embedding of data security in our processes, to protect our businesses and customers from the risk of cyber breaches and meet compliance. In turn, another key takeaway from this discussion is that organisations should look to proactively pursue ways to embed cyber and data security in their business processes, and not simply do so as an afterthought”, said Mr Reyes.
“Ultimately, embedding data security in the business process will help organisations meet their regulatory compliance, their data sovereignty requirements, and mitigate the risk of data being exploited during a cyber incident. This will help the organisations protect their critical assets, and – as other attendee’s also mentioned – protect their customers.”
Mr Reyes’ thoughts found much common ground with the post-event reflections of Richard Charlton, Business Development Manager for Tech Data.
“Tech Data was delighted to join the discussion, over a wonderful lunch, on modern best practices for data protection in forward-thinking organisations”, said Mr Charlton.
“The future of data security relies on scalable, swift, and data-centric approaches, and businesses must continuously adapt and respond to emerging challenges.”
“Organisations need to understand their data, and then integrate security seamlessly into their processes to ensure asset security, compliance, customer protection, and data-driven innovation.”
This roundtable was held amidst a period of time where far greater pressure has been placed upon Australian enterprises surrounding the protection of data they hold.
The 22-23 financial year saw numerous high-profile breaches of leading Australian enterprises occur. Such events have demanded that organisations come to hold in-house (even) greater awareness and capacity to anticipate such threats.
Furthermore, such incidents have required a rapid response from organisations in terms of reviewing and refining their own cyber security, to see that new approaches illustrate internally – alongside to customers externally – that every possible step is being taken to help ensure the protection of the data said entities hold.
Furthermore, the push to change the Privacy Act of 1998 by the Australian government in the wake of numerous high-profile breaches, to strengthen privacy laws and increase fines for data breaches, has thereafter placed additional pressure upon enterprises. This in addition to increasing consumer awareness of the potential threats residing within the ever-growing capabilities of Artificial Intelligence (AI).
Such matters were discussed in-depth during the roundtable, and were foremost in mind in the reflections of numerous attendees following the event.
As one attendee said in the days after the roundtable, “I think an important learning I had from this event is that organisations are now much more aware of the threats occurring, or the possibility of them occurring. Educating internal staff from top to bottom with onboarding and training efforts initially, and ongoing learning and awareness endeavours generally, is vital. I also think the ad-hoc simulation of a threat taking place, and aligning your necessary teams to act on that situation, is an especially good practice and awareness tool.”
“What’s more, setting up frameworks and processes like ISO27001, NIST, and PCI-DSS, is prudent in organisations. Also, instilling the DevSecOps culture and practices is imperative, and knowing where your data sits – and where and what it traverses – is important to understand for any organisation.”
Furthermore, as another attendee said following the event, “As Cyber Security leaders many of us have seen the advent of many new technologies over the years. Artificial Intelligence (AI) is the latest of these, and it has sparked a great deal of robust debate thanks to pop culture phenomena like the Terminator movies, starring Arnold Schwarzenegger.”
“AI, like the other new technologies that have come before it, has the potential to deliver both positive and negative outcomes. By collectively deciding what we want AI to be, we can avoid the mistakes of the past and ensure we don’t find ourselves expending additional effort, trying to impose retrospective controls down the track.”
CSO, Thales, and Tech Data, thank all who attended this roundtable.