Secure forenoon, held on the 11th October 2016 at CROZ’s education center, covered the topic for implementing the new EU regulation – General Data Protection Regulation (GDPR) and gathered a lot of attention of the IT experts from numerous companies and organizations.
This edition of the Secure forenoon, which was the most visited one, covered the current topic about regulation that has to be implemented until May 2018 by all member states of the European Union with a purpose to additionally protect the personal information of the citizens – whether it is about a name of the person, personal identification number, IP address, GPS location, financial data, or any other personal data that is collected by different companies and organizations. The secure forenoon is the first event in Croatia which covered the topic of personal data protection in a structured way.
Introduction in GDPR was held by Dražen Pranić from Tele2 Croatia. He stated that the primary motive for conducting the IT revision and complying with the new regulation is the enormous penalty if the company or organization breaks any of the articles in the regulation, and it can reach up to 4 % of total income of the company or 20 million Euros (depending what is the bigger amount). The implementation period for complying with these regulations is less than 2 years, which is relatively short period, especially if the company is larger or less technologically advanced, so it is recommended to start taking the steps for adopting the regulation as soon as possible. Dražen Pranić has noted further that this regulation will also be the biggest motivation to increase the IT security, which is at the highest level only in the financial institutions. Ultimately, end users will benefit the most from these changes which was one of the primary motives for creating and enforcing the regulation. In case of an attack or data theft, the companies will have to inform specific institutions within 72 hours from the time when the incident happened which will be the challenge for many companies and organizations. Regulation will also define the bare minimum for protection of the personal information of users and by this it will encourage to limit the deadline for keeping (storing) the user data information. Systematic approach to the IT security will be necessary, and it will consist, among others, of risk assessment, detailed activity logging, encryption and pseudonymisation of the personal data, and education of the employees so that the security of the organization’s IT system could reach the highest possible level.
Krešimir Filla, consultant for security solutions from the CROZ company, gave a really good overview about the IT security and changes that occurred in the last 20 years. Fifteen years ago, the attackers (hackers) were motivated by competing with each other, while today’s motivation is the financial gain. Today’s hackers, unlike the ones from 15 years ago, have an easier access to the IT knowledge and tools that will bring them larger financial gain and even increase the damage inflicted to the organizations and end users. They are using software vulnerabilities, mobile phones losings, security errors made by external associates, phishing attacks and numerous other oversights and tools to gain benefits for themselves. As an answer to these attacks, companies and organizations need to be at least one step ahead of the attackers and additionally invest in the equipment, software and knowledge to ensure, among others, that personal data of their users is secure. Beside firewalls and antivirus software, they have to implement solutions like mobile device management, penetration testing, and systems intended for prevention of the data leaking. Krešimir Filla, also said that the future of the IT security is in the artificial intelligence, quantum cryptography and Managed security services.
In the second half of the Secure forenoon, participants were addressed by numerous experts from the field of IT security who presented tools and solutions that help companies to improve the security of their IT system, and also help in preparation for complying with the EU regulations. Arne Jacobsen from the IBM had presented the leading solution for the security incident management – IBM Resilience. Igor Sokač from CROZ talked about identity management, while Davor Perat from Symantec presented their solution – VIP Symantec™. Validation and ID Protection Service (VIP) is the cloud solution which enables organization to implement more secure solution for the network access and organization’s applications because passwords are no longer enough to ensure the best and optimum security. At the end of the Secure forenoon, Danijel Šurina from the Netsafe presented Fortinet solution – the Cyber Threat Assessment, which can help organization to assist in the attack prevention, detect which applications are used by employees and monitor the network to improve the network speed and efficiency.
