
Experts react to the security risks of GDPR and AI

Security experts grapple with AI, GDPR and ransomware


Over the last few months, security experts have had to contend with the General Data Protection Regulation (GDPR), ransomware, and AI as the three most pressing IT issues companies have to face at present.

Organisations are still dealing with the fallout from Wannacry, which brought NHS hospitals to a standstill; GDPR is on its way, with very few yet getting to grips with it; and artificial intelligence is still some way off and may not deal with security problems the way we expect.

Back in the GDPR

Virtually every vendor has a view on GDPR, the EU's more stringent data protection law due to come into force next year and introduce fines of up to 4% of turnover for security breaches. Endless surveys and research suggest very few organisations are prepared for the rules. Although, to be fair, it is hard to be ready when the Information Commissioner's Office (ICO) itself hasn't yet published its final guidance on certain aspects. Adhering to the eight data protection principles still appears to be the best way forward in order to be compliant with GDPR.

Peter Brown, a senior technology officer from the ICO, told attendees in a keynote speech at Infosecurity Europe 2017, held in London last week, that with a year to go, it would be better for firms to think of GDPR more positively and emphasise the opportunities. If a company can demonstrate it is fully compliant, its reputation will be enhanced.

He was quick to point out that come 26 May next year, when the GDPR applies, the ICO wasn't going to start banging down doors and demanding 4% of a company's turnover in case of a security breach.

Ilias Chantzos, Symantec's senior director of government affairs for EMEA and Asia, said there is no box that can "solve" GDPR problems.

Brexit is also making its presence felt. In another keynote speech, Microsoft's CISO, Bret Arsenault, spoke against "digital xenophobia", criticising how different countries handle data protection. Brexit is very likely to result in the UK drawing up its own data protection laws, and these will not completely overlap with the EU's, meaning companies will have to deal with any differences.

Wannacry me a river

The recent Wannacry attacks had a silver lining, according to Rik Ferguson, who is vice president of security research at Trend Micro and a special advisor to Europol. This is that the trust model between victim and criminal in a ransomware attack may have been broken. People have become more aware that paying the ransom doesn't always result in getting data back from criminals - it's much better to keep regular backups.

James Lyne, a security researcher with Sophos, who was in the same panel discussion at Infosec with Ferguson, said that Wannacry has seen ransomware getting more sophisticated, and this means that organisations and people cannot rely on tools to decrypt locked files. He added that the danger has become more real in many people's minds, increasing awareness of it, which could ultimately be good news as the more people take seriously the threat of hacking and cybercrime, the more people will be cautious about suspicious content.

Unsurprisingly, Wannacry has been good financially for the channel. According to channel analysts Context, the malware outbreak has increased sales of cybersecurity goods and services by a significant margin.

Internet of Things can only get better?

Another issue was the increasing use of automation within technology as well as its impact on IT security. In a keynote speech, security guru Bruce Schneier said that with the internet now meeting the "classic definition" of a robot, in that it is able to sense, think and act, we are creating a world-sized robot without even realising it. He argued that IoT systems such as self-driving cars, power stations and medical devices can be hacked with real consequences, more so than with a traditional PC.

Once more, governments will have to step in to force companies to improve security rather than relying on the market to deal with things. He just hoped that any regulation would be "smart" rather than "stupid".

Artificial intelligence as a basis for IT security also got a grilling from Giovanni Vigna, CTO of Lastline. In a speech at Infosec, he said such technologies only really work when they have large data sets, and you can only learn from "things you know".

But machine learning could be used to reduce the number of security analysts needed and direct focus on more important issues, he added, acknowledging that there is a renewed interest in anomaly detection using machine learning, but this would require modelling good behaviour and this takes time.

Ultimately, artificial intelligence, machine learning, and deep learning cannot be used in a simple way, according to Vigna. Organisations need to start at breach detection events to teach such systems to look for similar patterns elsewhere.
