Written on 23 September 2018, 04:22pm
Some notes following the Enterprise Cyber Security Europe event, 19 September 2018, Amsterdam.
- @ThomLangford: When trying to hire, look for passion. Technical skills can be taught later on. Also, look for the people who care about what they do, who are full of energy, who are constantly pushing their limits and who are filled with passion.
- Humans are indeed the weakest link in any security system, because brains are hard to upgrade and because emotional manipulation is easy.
- So how do you deal with the human risk? 3 possible avenues:
  - throw technology at it
  - improve your internal processes (e.g. out-of-band validation)
  - or develop a continuous and adaptive security awareness program, an area where the people at Terranova seem to know what they are doing.
- Awareness is for everybody, training is for similar groups of people (e.g. a department), and education is for the ones who genuinely want to learn
- The story of the women codebreakers at Bletchley Park is fascinating
- Total cyber crime revenues: in the region of $1.5 trillion annually
- Time to detect a data breach: between 99 and 197 days depending on who you ask. Either way, it feels like an eternity
- You can actually turn a data breach into a positive development for your organisation if you manage to be humble, transparent and willing to improve things
- Booking.com has an interesting ‘everything is a test’ culture (over 1000 experiments live at any given time). The company brands itself as a ‘developer-first enterprise’. You must make an effort to find a compromise between security and usability
- Preparing for the GDPR should have been easy as long as you have a user-oriented mindset. Don’t forget about the tools for user data export and user data deletion.