Data | Ethics | Governance

The Principled Data News Review

Cyber Security

One issue that never goes away and continues to grab headlines – cyber security.  If it isn’t another company releasing a breach notification, then it is a report about governments working on offensive cyber capabilities, or yet-another-hack.

The most interesting article I found though relates to Estonia offshoring its critical systems.  What an interesting move.  One key concept – digital diplomatic immunity!  Awesome.

That will put some encryption and data security measures to the test.  Assuming a country can assure data security (as much as possible), then this could open the potential for cyber safe havens – somewhat like tax havens.  Countries may compete on their data neutrality.  It gets messy though once the data gets out on the Internet – how do you enforce this ‘diplomatic immunity’, or any kind of sovereignty, when information is just bits on the wire?  It could be an interesting experiment though.

I keep coming back to encryption as the glue in this cyber security paper sculpture.  We really rely so heavily on these technologies.  So my next quest is to investigate their vulnerabilities.  I am sure some Defcon or Black Hat presentations cover this area.

I have talked about this many times, but my ideal is to create a security framework that is by default secure – irrespective of human action.  I have no idea how this could work at the moment.  It is why I included the article about ProtonMail – email is such a gaping security risk.

Yet, security is only one side of the risk equation; there is also insurance and the response to a security breach when it happens.  Emphasis on ‘when’.

My other focus will be on the insurance and technology products available to help organisations deal with the inevitable.  I read a report yesterday that noted it takes an average of 61 days before an organisation even becomes aware of a breach.  Then another 41 days to notify.  That timeline needs to drastically compress.  So we need tools to have effective monitoring, and a quick notification to the market so that they can then take action to reduce their exposure.