In-depth

Experts react to the security risks of GDPR and AI

Security experts grapple with AI, GDPR and ransomware

Over the last few months, security experts have had to contend with the General Data Protection Regulation (GDPR), ransomware, and AI as the three most pressing IT issues companies have to face at present.

Organisations are still dealing with the fall out fromWannacry, which brought NHS hospitals to a standstill; GDPR is on its way with very few getting to grips with it still; and artificial intelligence is still some way off and may not deal with security problems the way we expect.

Back in the GDPR

Virtually every vendor has a view on GDPR, the EU's more stringent data protection law due to come into force next year and introduce fines of up to 4% of turnover for security breaches. Endless surveys and research suggest very few organisations are prepared for the rules. Although, to be fair, it is hard to be ready when the Information Commissioner's Office (ICO) itself hasn't yet published its final guidance on certain aspects. Adhering to the eight data protection principles still appears to be the best way forward in order to be compliant with GDPR.

Advertisement
Advertisement - Article continues below

Peter Brown, a senior technology officer from the ICO, told attendees in a keynote speech at Infosecurity Europe 2017, held in London last week, that with a year to go, it would be better for firms to think of GDPR more positively and emphasise the opportunities. If a company can demonstrate it is fully compliant, its reputation will be enhanced.

He was quick to point out that come 26 May next year, when the GDPR applies, the ICO wasn't going to start banging down doors and demanding 4% of a company's turnover in case of a security breach.

Ilias Chantzos, Symantec's senior director of government affairs for EMEA and Asia, said there is no box that can "solve" GDPR problems.

Brexit is also making its presence felt. In another keynote speech, Microsoft's CISO, Bret Arsenault, spoke against "digital xenophobia" criticising how different countries handle data protection. Brexit is very likely to result in the UK drawing up its own data protection laws and these will not completely overlap with the EU, meaning companies having to deal with any differentiations.

Wannacry me a river

The recent Wannacry attacks had a silver lining, according to Rik Ferguson, who is vice president of security research at Trend Micro and a special advisor to Europol. This is that the trust model between victim and criminal in a ransomware attack may have been broken. People have become more aware that paying the ransom doesn't always result in getting data back from criminals - it's much better to keep regular backups.

James Lyne, a security researcher with Sophos, who was in the same panel discussion at Infosec with Ferguson, said that Wannacry has seen ransomware getting more sophisticated, and this means that organisations and people cannot rely on tools to decrypt locked files. He added that the danger has become more real in many people's minds, increasing awareness of it, which could ultimately be good news as the more people take seriously the threat of hacking and cybercrime, the more people will be cautious about suspicious content.

Unsurprisingly, Wannacry has been good financially for the channel. According to channel analysts Context, the malware outbreak has increased sales of cybersecurity goods and services by a significant margin.

Internet of Things can only get better?

Another issue was the increasing use of automation within technology as well as its impact on IT security. In a keynote speech, security guru Bruce Schneier said that with the internet now meeting the "classic definition" of a robot as far as it being able to sense, think and act, we are creating a world-sized robot without even realising it. He argued that IoT systems such as self-driving cars, power stations and medical devices can be hacked with real consequences, more so than with a traditional PC.

Advertisement
Advertisement - Article continues below

Once more, governments will have to step in to force companies to improve security rather than relying on the market to deal with things. He just hoped that any regulation would be "smart" rather than "stupid".

Artificial intelligence as a basis for IT security also got a grilling from Giovanni Vigna, CTO ofLastline. In a speech at Infosec, he said such technologies only really work when they have large data sets, and you can only learn from "things you know".

But machine learning could be used to reduce the number of security analysts needed and direct focus on more important issues, he added, acknowledging that there is a renewed interest in anomaly detection using machine learning, but this would require modelling good behaviour and this takes time.

Ultimately, artificial intelligence, machine learning, and deep learning cannot be used in a simple way, according to Vigna. Organisations need to start at breach detection events to teach such systems to look for similar patterns elsewhere.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/security/ransomware/28070/best-ransomware-removal-tools
Security

Best ransomware removal tools

7 Dec 2018
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/business-strategy/digital-transformation/354201/boston-dynamics-dog-like-robots-sniff-out-bombs-for
digital transformation

Boston Dynamics dog-like robots sniff out bombs for Massachusetts police

26 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019
Visit/mobile/mobile-phones/354222/samsung-sails-past-apples-market-share-despite-smartphone-market-slump
Mobile Phones

Samsung sails past Apple's market share despite smartphone market slump

28 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019