Experts react to the security risks of GDPR and AI

Security experts grapple with AI, GDPR and ransomware

Over the last few months, security experts have had to contend with the General Data Protection Regulation (GDPR), ransomware, and AI as the three most pressing IT issues companies have to face at present.

Organisations are still dealing with the fall out fromWannacry, which brought NHS hospitals to a standstill; GDPR is on its way with very few getting to grips with it still; and artificial intelligence is still some way off and may not deal with security problems the way we expect.

Advertisement - Article continues below

Back in the GDPR

Virtually every vendor has a view on GDPR, the EU's more stringent data protection law due to come into force next year and introduce fines of up to 4% of turnover for security breaches. Endless surveys and research suggest very few organisations are prepared for the rules. Although, to be fair, it is hard to be ready when the Information Commissioner's Office (ICO) itself hasn't yet published its final guidance on certain aspects. Adhering to the eight data protection principles still appears to be the best way forward in order to be compliant with GDPR.

Peter Brown, a senior technology officer from the ICO, told attendees in a keynote speech at Infosecurity Europe 2017, held in London last week, that with a year to go, it would be better for firms to think of GDPR more positively and emphasise the opportunities. If a company can demonstrate it is fully compliant, its reputation will be enhanced.

Advertisement - Article continues below
Advertisement - Article continues below

He was quick to point out that come 26 May next year, when the GDPR applies, the ICO wasn't going to start banging down doors and demanding 4% of a company's turnover in case of a security breach.

Ilias Chantzos, Symantec's senior director of government affairs for EMEA and Asia, said there is no box that can "solve" GDPR problems.

Brexit is also making its presence felt. In another keynote speech, Microsoft's CISO, Bret Arsenault, spoke against "digital xenophobia" criticising how different countries handle data protection. Brexit is very likely to result in the UK drawing up its own data protection laws and these will not completely overlap with the EU, meaning companies having to deal with any differentiations.

Wannacry me a river

The recent Wannacry attacks had a silver lining, according to Rik Ferguson, who is vice president of security research at Trend Micro and a special advisor to Europol. This is that the trust model between victim and criminal in a ransomware attack may have been broken. People have become more aware that paying the ransom doesn't always result in getting data back from criminals - it's much better to keep regular backups.

Advertisement - Article continues below

James Lyne, a security researcher with Sophos, who was in the same panel discussion at Infosec with Ferguson, said that Wannacry has seen ransomware getting more sophisticated, and this means that organisations and people cannot rely on tools to decrypt locked files. He added that the danger has become more real in many people's minds, increasing awareness of it, which could ultimately be good news as the more people take seriously the threat of hacking and cybercrime, the more people will be cautious about suspicious content.

Unsurprisingly, Wannacry has been good financially for the channel. According to channel analysts Context, the malware outbreak has increased sales of cybersecurity goods and services by a significant margin.

Internet of Things can only get better?

Another issue was the increasing use of automation within technology as well as its impact on IT security. In a keynote speech, security guru Bruce Schneier said that with the internet now meeting the "classic definition" of a robot as far as it being able to sense, think and act, we are creating a world-sized robot without even realising it. He argued that IoT systems such as self-driving cars, power stations and medical devices can be hacked with real consequences, more so than with a traditional PC.

Advertisement - Article continues below

Once more, governments will have to step in to force companies to improve security rather than relying on the market to deal with things. He just hoped that any regulation would be "smart" rather than "stupid".

Artificial intelligence as a basis for IT security also got a grilling from Giovanni Vigna, CTO ofLastline. In a speech at Infosec, he said such technologies only really work when they have large data sets, and you can only learn from "things you know".

But machine learning could be used to reduce the number of security analysts needed and direct focus on more important issues, he added, acknowledging that there is a renewed interest in anomaly detection using machine learning, but this would require modelling good behaviour and this takes time.

Ultimately, artificial intelligence, machine learning, and deep learning cannot be used in a simple way, according to Vigna. Organisations need to start at breach detection events to teach such systems to look for similar patterns elsewhere.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



How can you protect your business from crypto-ransomware?

4 Nov 2019

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020