I look forward, with great anticipation, to engaging with some of the best cyber security industry innovators at Cyber Week 2017 in Tel Aviv later this month (June 25-29). This year’s conference comes at a time when the industry is increasingly challenged.
Data breaches are commonplace. But it often appears that when a significant breach makes the headlines, it causes a few days of intense work and concern, and then fades from memory.
What doesn’t fade are the associated costs for consumers and companies—thousands, millions, and potentially billions of dollars (does anyone want to guess when the first $1B breach will occur?). Some costs are internal and not always visible from the outside. When a large organization experiences a data breach, a crisis response team must typically inform affected customers and handle external communications. Much time is expended communicating with internal stakeholders to mitigate the data loss and reduce the risk of further damage. The organization’s security team expends resources to identify the root cause, quarantine the affected systems, and implement a remediation plan. Longer term, reputations suffer, sales and profits diminish, people lose jobs, and additional costs such as security hardware and software purchases emerge.
The external costs of the breach may be high and visible, particularly if negligence was involved. In those cases, courts determine fault and liability. Investigations into the breach often involve an analysis of the existing security controls and preventive measures. A court may not find the breached organization liable for the customer or third-party injuries, often due to the difficulty of proving the harm. When harm is measurable and proven, punishments are often substantial – especially where existing security controls were clearly inadequate. For example, an attack against a large retailer recently resulted in an $18.5 million payout as well as commitments to hire an executive to oversee an information security program and a third party to conduct security assessments. Next year, when the General Data Protection Regulation (GDPR) takes effect in Europe, organizations may face fines that are the greater of up to 20 million euros or 4% of annual sales. In the case of the retailer, this could have amounted to almost $3 billion!
At Cyber Week 2017, I will engage with conference attendees, industry leaders, and government officials on global security issues. My specific keynotes include the transformative potential of blockchain, understanding the upcoming challenges in automotive cybersecurity, and a TED Talk-like presentation on Moore’s Law and its implications for cybersecurity.
Blockchain technology can hugely enhance the security of online transactions while preventing misuse of financial data. My blockchain discussion won’t focus on client or server architecture, but rather on blockchain’s potential to change how data, assets, and information are currently exchanged. Intel’s contributions here include Sawtooth, an innovative enterprise-grade solution for building, deploying, and running distributed ledgers. Sawtooth is part of the Hyperledger Project.
Moore’s Law has stood strong through decades of development. I’ll be speaking about how it can help companies implement stronger data protection and improved cybersecurity. It’s all about continuing to make those amazing transistors work for us in the security space.
Data breaches are a real threat to our quality of life, safety, and security, and that threat is rapidly growing! I am challenging everyone to be proactive in securing personal and professional data. Please join me and other top industry experts in researching and implementing robust measures to stop bad actors in their tracks and make our world more secure.