On 17 May, Access Partnership attended a techUK event on Cyber in the Digital Economy. The one-day conference brought together a variety of stakeholders from across the industry who provided insight on cybersecurity, privacy, the Internet of Things (IoT), and Artificial Intelligence (AI) in the wake of the Fourth Industrial Revolution.
From updates on the General Data Protection Regulation (GDPR) to intelligence-based cybersecurity, here are Access Partnership’s top four takeaways from the event.
- GDPR: “Enforcement is the last line”
Just days before the introduction of the GDPR, many companies, particularly small and medium enterprises and micro businesses were beginning to fear the fines for non-compliance.
Responding to this, Nigel Houlden, Head of Technology Policy at the Information Commissioner’s Office, made use of his keynote speech to highlight that not all infringements of the GDPR will lead to the regulation’s most serious fines.
He emphasised the case-by-case, discretionary nature of fines and other enforcing powers. He also indicated that the Information Commissioner’s Office would maintain its proportionate and pragmatic approach, while not allowing any persistent, deliberate or negligent flouting of the law. He noted how important the early days of the GDPR will be, and how urgent it is to demonstrate intentions to comply, even if full compliance isn’t achievable in time.
- Security by design: Essential protection for critical national infrastructure
Critical national infrastructure facilities are the bloodline of the economy. Today, they are at an enhanced risk from malicious cyber criminals, as proven by the 2015 and 2016 attacks on Ukrainian power plants and the 2016 targeting of Kemuri Water Company.
The risk will only amplify as the introduction and use of Industrial Internet of Things (IIoT) and cloud-based services accelerate. To mitigate this, IoT developers need to introduce bottom-up security by manufacturing Security by Design devices. Security by Design is the most fundamental and sustainable defence against an ever-evolving cyber threat. There is a need for a fundamental shift in approach: moving the burden away from consumers having to secure their devices and instead ensuring strong security is built into consumer IoT products by design.
- Digitisation of the retail sector: New vulnerabilities
The current scale and pace of change in the retail sector is unprecedented, but some serious challenges lie ahead. Shrinking margins, stagnant wages and the encroachment of e-commerce are depressing traditional retail spend. As a result, we are seeing a record number of brick-and-mortar retailers closing stores or digitising their offering to survive.
Mobile applications, social media platforms, loyalty programs and data analytics have made it easier for retailers to reach customers and improve operational and marketing performance. However, with such a wealth of information stored, the retail sector’s digital transformation also makes it more vulnerable to cyberattacks. The influx of IoT in daily life has been matched by an explosion of new platforms and apps—many of which have been designed with utility, rather than security, in mind. Retailers will need to decide on the level of cybersecurity measures they are willing to introduce at the risk of customer attrition.
- Intelligence-led cybersecurity: Maximising resilience
Intelligence-led cybersecurity enables firms to stay on top of the threat. Through reviewing and analysing the latest cyber trends as well as engaging and sharing information with other stakeholders, firms can successfully identify future sources of cyberattacks and deter them appropriately. An intelligence-led approach helps to present a proactive image of the company and maximises threat mitigation efficiency, cumulating in a robust ecosystem.
Author: Hussein Abul-Enein, Public Policy Analyst, Access Partnership
