Attendees at the VigiTrust Advisory Board annual worldwide meeting took part in two days of in-depth discussion covering a broad swathe of topics under the umbrella of data security and information governance. As always, the invitation-only event was very well attended by senior international executives from a range of industry sectors such as healthcare, financial services, government, education and retail.
Since it began in 2012, the Advisory Board has placed a strong emphasis on information sharing and education in a confidential, non-commercial setting, featuring thought leaders who can call on decades of experience in their respective fields. Speakers included Victor Timon, consultant with law firm Maples & Calder, Melanie Ensign from Facebook’s security communications group, Graham McKay of Microsoft – and formerly CISO with the University of Dundee – as well as Mike Bass and Robert Ball of Ionic Security.
Also speaking were members of VigiTrust’s team including CEO Mathieu Gorge, COO Rowan Fogarty and Pergrin Pervez of the company’s North America operations. This year’s event was kindly hosted at the offices of BDO in the centre of Dublin city.
In the coming months on our blog, we’ll be publishing posts inspired by the discussions and debates that took place during the Advisory Board meeting. In the meantime, here is a brief summary of the trends that were aired during the event.
Days before the Advisory Board met, the EU General Data Protection Regulation (GDPR) was finally signed, and not surprisingly this was discussed at the sessions. One participant noted how the level of risk associated with the GDPR has catapulted data protection into the boardroom. And it’s probably not a coincidence that at VigiTrust, we’ve seen a noticeable increase in requests for data protection training in recent months.
From a technical perspective, one of the biggest shifts in the security landscape has been the evolution in thinking to meet the needs of a world where the real value lies in data, not devices. In the past, security people have tended to protect physical things like networks and hardware, but now the focus needs to move to protecting information, wherever it lives. This could prompt innovation in an industry that’s been based on the same thinking going back a number of years.
Speaking of old ways of doing things, one of the most thought-provoking parts of the Advisory Board covered the reputation of infosecurity and how to improve it. It falls to security professionals to do a better job of communicating their message to the outside world in a way that resonates with non-technical people. That means toning down the fear-mongering and replacing it with positive messages about how security can put people back in control. This topic prompted vigorous debate on the day and it’s one we’ll return to in future posts.
Vendor risk management was a hot topic at the event, which was inevitable given that several major breaches originated with third parties. As such, CSOs have no choice but to initiate a strategy for managing vendor risk and make it part of an organisation’s security DNA.
The group also covered security awareness and training, including discussions of KPIs to measure the effectiveness of campaigns.
A subject matter expert in healthcare security and prominent member of ISACA in New York spoke of how ransomware is a growing problem for the health sector right now, with a threefold increase in Q4 2015 compared to the previous two quarters. He also spoke of emerging security problems with the Internet of Things and the potential impact this could have on the healthcare market.
The security skills shortage reared its head, and it’s especially acute in the security industry. The consensus from the floor was that the gender imbalance needs to change, and that diversity in security teams can be positive because it helps people to think from a perspective of real-world experience.
That was just a taster of some of the subjects we’ll be returning to over the coming months. Be sure to check back at the VigiTrust blog regularly, or better still, subscribe to ensure you don’t miss an update. And watch for news about next year’s event, which is scheduled for May 17-19 in Dublin. We look forward to seeing you there.