A group of about forty of our clients gathered with a cross section of Grant Thornton Advisers in our Kent Street Sydney offices. We identified a balanced approach to ensuring an adequate level of cyber-resilience in mid sized organisations, without "shutting up the shop" in the process. The digital transformation of our businesses must remain a priority, just with a risk and regulatory lens on too.
For regular readers of my postings there was further confirmation that technology is far too important to leave to the technologists alone. It has firmly arrived in the rest of the C-Suites' intrays and savvy Boards'. As this extract from this week's New York Times it is very much part of the defence arsenal as well. Unfortunately as this Times article highlights it's not often done well and, as an NSA operative observes, it isn't nearly as glamorous as at first it might seem.
With mandatory data breach disclosure legislation in force it was acknowledged more than anything else that it was important to have a plan in place. There is a certain inevitability of a notifiable data breach for many businesses. These provisions are in force from February 2018 in Australia, a little later in the same year in the EU and in force in many States across the US already. I shared this useful checklist from my fellow technology partner Matt Green of what you need for your plan:
- how to identify you have a problem
- what are you going to do
- who needs to manage your response
- when and how you are going to respond
- who you have to /are going to notify
- report it www.acorn.gov.au
To this I would add in light of some recent work we have done on "Locking down the value of data" https://www.grantthornton.global/en/insights/cybersecurity/value-of-data-hub/. Ensure you have taken a view on the value of your data not just for your organisation but for others that may seek to profit from it.
We are spending more time than ever with our clients opening up access to data there is no benefit in locking down and spending a great deal more time putting in place plans to protect that data where there is.
Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers. The intelligence was so exquisite that it enabled the United States to understand how the weapons could be detonated, according to two American officials familiar with the operation. The information helped prompt a ban in March on large electronic devices in carry-on luggage on flights from 10 airports in eight Muslim-majority countries to the United States and Britain.