Data is the lifeblood of all organizations; the way in which they secure that data underpins customer confidence and maintains economic functions for our society to operate. And the amount of data we handle is increasing, and will continue to grow through digital transformation, changes in working practices with more remote working, and flexible operating models.
Data will be shared with third parties and fourth parties in a complex ecosystem, making the act of securing this data much harder. This challenge applies to private, public, and government entities across all industry sectors; examples include financial services sharing data with partners to deliver products and services, and healthcare providers sharing patient information with local and central government organizations. Of course, much of this data will be exchanged via third-party services such as hosted email services like Outlook, Gmail, etc.
I have worked across multiple industry verticals and implemented data loss and data protection tools at scale. I am not always surprised when data is accidentally sent out by a well-meaning person to either an accidental distribution list or inappropriate audience. In my view, the tools we use for vital communications are not integrated into daily working practices and require additional action and knowledge to be applied by our colleagues and partners.
Data will become more distributed across devices and third parties, and must be appropriately managed to maintain customer confidence in our businesses. In fact, in a recent survey, Experian stated that “74% of consumers say security is the most important factor when choosing a business”. Even Interpol regards business email compromise fraud as a top risk and started a campaign to raise awareness.
Security communities also know that not all communications are secure, because insecure practices are allowed for the sake of interoperability at the expense of security. This challenge falls on the doorstep of Chief Information Security Officers and technology executives, as inappropriately managed data attracts regulatory fines and reputational damage.
To do their best work, both inside and outside of our organization, our colleagues and partners need information technology to be as frictionless as possible and integrated into their existing workflows. They are not security professionals; despite being given security awareness training, it's not their core function during a busy day.
And so we need to find a better way to use frictionless technology and help our colleagues and partners to exchange and share data whilst protecting our customers and businesses. Only then can sensitive data shared digitally be truly secure.
Stephen Khan - Global Head of Tech & Cyber Security Risk (former security exec HSBC)
Stephen is an information and cyber security practitioner and international speaker with 20+ years of experience working for global firms across financial services, healthcare, and defence. Stephen has held senior group-level positions at firms including HSBC, RBS, GSK, and Siemens, with experience of global regulatory and cyber security frameworks to drive execution and implementation for the management of risks to support business strategies, especially as technology and business models are changing at pace.
Stephen is passionate about people and shares his knowledge and experience by coaching and mentoring senior leaders and young people to achieve their potential. He believes people come into the workplace to do their best work, so leaders need to provide a positive, empowered culture allowing teams to thrive and deliver the best outcomes through people, process, and technology.
He contributes to the Cyber Security community as Chairman of Club-CISO advisory board by engaging with 700+ global CISO executives on important matters affecting cyber security and risk leaders and their organisations. He supports the wider industry and academia through his board membership of Research Institute for Sociotechnical Cyber Security (RISCS).
Stephen is chairman of White Hat Events, a cyber security charity supporting the amazing work performed by NSPCC Childline in the protection of vulnerable young people.