SESSION 5 – Cyber-Security. Mitigating Corporate Exposure to Cyber-Crime
In the last two decades, cyber-crime in all its forms has evolved from a limited practice requiring top skills in programming and communication networks into a worldwide phenomenon that affects both individuals and organisations and does not necessarily require special know-how. In some cases, the technology itself and its inappropriate use facilitate cyber-crime. This session discusses how exposed companies are to this phenomenon and which types of cyber-attacks and breaches most commonly affect them.
It is highly important for Ethics & Compliance professionals and other specialists to realise that cyber-security is not only the job of IT&C Managers or Chief Information (Security) Officers, but also theirs. The recent developments in the regulatory field and the incidents that left a mark on many public and private organisations lead to a discussion on the necessity of establishing permanent cooperation among various functions: from CIO/CISO and Data Protection Officer to (Ethics &) Compliance Officer, HR Manager and Legal Adviser. This discussion is still in its infancy, and we hope to take it one step further by raising awareness of some risks associated with cyber-crime.
Day 2 | Friday, November 11, 2016
Gratiela MAGDALINOIU (ISACA Romania Chapter)
How Exposed Are We Really?
Dan POPA, Information Security Manager (Orange Services)
During this presentation I will paint a general picture of the current threat environment today's companies are facing, regardless of their business sector, describe who we are (or should be) protecting ourselves against and of course explain how those risks can be managed. The attackers today are far from what they used to be 10 or 15 years ago, both in terms of skill set and, more importantly, motivation. Understanding them is one of the first steps in learning how to defend against them.
We will also go through some common attack vectors and examples of recent attacks while focusing on people, who are probably the most important, and often overlooked, asset companies have. I will present what social engineering is and how it can be leveraged to severely impact an organization, even by attackers with rather limited technical skill sets.
Last but not least, we will discuss what security, or lack thereof, means from a strictly financial point of view. This means describing the possible direct and indirect financial impact security incidents can have on a company, but also the financial motivation attackers have. We will also be looking at some recent statistics on the financial impact of information security breaches that will help us gain a more accurate image of what we are exposed to.
Blockchains – Creating a New Model for Trusted Business Transactions on the Cloud
Sabin POPA, Cloud Service Area Leader (IBM Client Innovation Center Romania)
For centuries, global trade has been the single greatest creator of wealth in human history and market friction the greatest obstacle to wealth. Over the years, businesses have overcome multiple sources of friction. Institutions and instruments of trust emerged to reduce risk in business transactions. Technology innovations helped overcome inefficiencies. Still, many business transactions remain inefficient, expensive and vulnerable. The internet introduced new types of friction, such as cybercrime, which threaten to cripple even the most successful organizations.
Blockchain technology – which creates a permanent and transparent record of transactions – has the potential to obviate intractable inhibitors across industries. Distributed ledgers like blockchains are shared and write business transactions to an unbreakable chain that is a permanent record, viewable by the parties in a transaction. Blockchains shift the lens from information held by an individual owner to the cross-entity history of an asset or transaction. The most famous use of blockchain technology today is Bitcoin – the virtual currency of the Internet – while in the future it has the potential to secure most of the world’s business transactions.
Sebastian PITEI, IT&C Director (ENEVO Group)