Today, cyber security is a hot topic in the B2B world. The MICE industry is not exempt from this and that’s why we want to share our interview with Vincent Jentjens, a cyber security guru from the University of Amsterdam.
In 2007 Vincent and his business partner, Hans de Vries, decided to found the Security Academy with the aim of providing the Dutch market with high-quality security and continuity training. Due to their dedication, the Security Academy has become a leading educational institution in cybersecurity, privacy and data protection, and crisis management in the Netherlands.
Vincent will be at the Incentive Seminar organized by SITE Global in Barcelona on Monday, November 27th, 2017. During the education session, he will explain to us everything we need to know about cyber security. Meanwhile, we have asked him a few important questions that are crucial to our business environment.
Everybody talks about cybersecurity today. However, very few of us could explain what cybersecurity means. In your opinion, why is cyber security so high on the agenda?
At present, cybercrime is one of the fastest-growing and “highest-paying” crimes. Cyber warfare is in its prime as more and more countries use it as a weapon to obtain political influence. Few of us realise superpowers are already engaged in a cyberwar. In addition to influencing the political climate, cyber attacks are also aimed at collecting sensitive information (industrial espionage). Everything points to the fact that both companies and states need to shield themselves against cyber terrorists.
How do companies make sure their platforms are cyber-secured?
100% security doesn’t exist. That said, you can (and should) still try to make the job harder for hackers. Proper and up-to-date IT security, well-trained employees and regular controls already help a great deal. You should try to do your best to safeguard security. At the same time, companies should assume that they can be hacked. Or better said, the question a company should ask is not whether but when they’ll be hacked. That’s why we place great emphasis on establishing a good incident procedure. “How quickly can we be up and running after an attack?” “How do we handle customers after a data breach?” “Does the organisation comply with applicable legislative and regulatory requirements?” – these questions should be high on any organisation’s agenda. In other words, organisations need to realise that they need to invest in detective and repressive measures as well as prevention.
What are the most typical cyber security mistakes of B2B companies?
In my opinion, organisations still tend to look at cybersecurity as an IT issue. System and network security remain undoubtedly essential aspects of cybersecurity, but we shouldn’t forget that employees are equally important. If employees can’t add their own piece to the security puzzle, it doesn’t really matter what technologies you use to secure your systems or network. Technology is pointless if you provide hackers with alternative entry points: your employees.
Without awareness and education, employees will always represent the weakest link. Think about working in the Cloud. There’s nothing wrong with the Cloud as long as employees are aware of what information they store there (Can privacy-sensitive data leave the country? Where do we save the data and who can access the Cloud service?). You wouldn’t solve any problem by banning the use of the Cloud. By contrast, you would surely benefit from showing employees why they must weigh up carefully if they can trust a given Wi-Fi hotspot or if they should let their children play online games on their company laptops full of sensitive data. Employees should also be aware that their social media or Google information might exert influence on their companies. “Can I be blackmailed with my data? Could a hacker use a combination of my data to gain access to my phone, laptop or corporate e-mail address?” These are only a few examples to demonstrate that employees play a more important role in corporate security than they might think.
What challenges will we face in the next 10 years?
The next ten years will bring enormous challenges. Everything will be connected to the internet: cars, fridges, toys… We live in the era of the internet of things. These devices didn’t use to be secured in their isolation. But as soon as we connect them to the internet, all of them become possible targets for hackers. In my view, security requirements for such devices should be established by law. It makes very little sense to leave it up to the market as business interests will always triumph over security needs. The market prefers functionality to security as security costs money, and this is not to change.
I believe the second greatest challenge is the collection of data and the profiling of individuals. Data collection and profiling allow for the further empowerment of big market players knowing everything about us. Drawing up very specific user profiles is, in itself, understandable. What could be wrong about matching advertisements with user interests? The trouble is that profiling can be used for less innocent purposes, for instance, to steer people in a particular political direction. What if Google limits your search results to those reflecting a certain political preference? What if social media only allows you to see “fake news?”
Thinking a step further, profiling raises concerns about discrimination. The collection of personal data and data purchase enable companies to raise or lower webshop prices on individuals. People using an iPhone, driving a BMW 650 and living on the Upper East Side in New York should afford more than a college student. Who could prevent a housing agency or an insurance company from charging Upper East Siders three times as much as students? Or what would you do if insurance companies rejected you because your data reflect a “risk-enhancing” behaviour? Do we really want to live in such a society?
A third challenge is cyber warfare. In the past, you knew your enemy and wars were fought on the land, in the air and at sea. Today’s wars are fought online and countries no longer know where to expect the attack from. Other states, terrorist organisations and lone-wolf terrorists might pose an equally serious threat. And by the time you realise you’re under attack, it’s often too late – your sensitive information is stolen, your vital infrastructure is destroyed, and the terrorist attack has claimed its victims. Governments react to such threats by keeping a close eye on their citizens. They monitor internet traffic, tap phones and search through cloud databases. The discussion about privacy versus security is more heated than ever. How much of our privacy are we willing to sacrifice?