Our Procurement Business Partner Neil attended his first ICT Category Council. The focus of the day was Cyber Security with presentations from Ripple, Trend Micro and MetaCompliance.
As I continue to immerse myself in all things YPO, I went along to the well-attended and informative ICT Category Council and was duly told that “Three quarters of all online attacks are via spear-phishing.” Taken in isolation, that one-liner doesn’t seem like anything to lose sleep over… However, our presenters James from Trend Micro and Robert from MetaCompliance qualified the statement enough to almost put me off using any device connected to the internet for fear of my identity (and hard-earned cash) being whisked away into a world of zeros and ones. Well, almost…
As one of 30 attendees representing 15 organisations, I learnt that the number of reported deliberate and malicious campaigns using email (known as “phishing”) totalled over 500,000 in Q1 of 2016, and that “spear-phishing” is a more focused method which deliberately targets individuals within organisations using their online profile (Facebook, Twitter, LinkedIn, blogging, etc.). The favourite targets of cyber criminals for spear-phishing are CEOs and CFOs for obvious reasons, but also senior ICT staff, as they are often in possession of “the keys to the kingdom”. About a third of the attendees were senior ICT staff… Their sudden intake of breath was quite audible: not surprising, as it equates to roughly 5,000 spear-phishing attacks per day!
In addition to the rather scary online security topic, the upcoming EU General Data Protection Regulation (or GDPR for short) was discussed, which comes into force for all EU members on 25th May 2018. “Ha ha!” all the pro-Brexiters rejoice; the UK voted to leave the EU, so we get to avoid another Brussels-driven piece of legislation! However, it’s shaping up that even a full Brexit in the style of Canada is unlikely to be a ‘get out of jail free’ card for this particular EU law, because:
a. We haven’t invoked Article 50 yet, and once/if it happens, it will take a minimum of 24 months to take effect, whilst GDPR is only 22 months away,
b. GDPR is designed to protect the data of all EU citizens, even outside of the EU bloc, meaning UK organisations with customers either in the EU or handling data of visiting EU residents will need to ensure they are compliant.
The GDPR is designed to build upon legislation such as the UK’s own Data Protection Act 1998; however, the current legislation has a monetary penalty cap of £500k, whilst the GDPR will be capped at €10m or 2% of a firm’s gross global revenue. With the potential for sanctions twenty times higher than under current legislation, less than 2 years doesn’t leave UK firms much time to ensure they are compliant.
As we discussed the need for UK firms to protect data to future EU standards under GDPR, it occurred to me that even a ‘full on’ Brexit won’t result in the UK being completely free of EU regulations. This got me thinking about the EU procurement regulations that presently govern public sector purchasing: the European Public Contracts Directive 2014, also known as OJEU. At YPO, all our frameworks and products have been completed following the current OJEU process, which I think is a huge benefit for our customers; the process can be complex and expensive, and suppliers are savvy enough now to use the legislation to challenge an award.
But what of the future? At this stage, no one can say if we will need to continue to adhere to the current EU regulations post-Brexit in order to maintain trade agreements with the EU, or if the UK will enact its own set of purchasing regulations, and how the EU will react to those. One thing that we do know is that, just like the cyber security threats lurking on the web, the OJEU regulations aren’t going to just disappear tomorrow. So, my advice following a very insightful (if a little scary) ICT Category Council?
1. Back up EVERYTHING you hold dear to you in digital form and don’t leave it plugged in,
2. Be careful which connections you accept on social media,
3. Regardless of your opinion of Brexit and concerns for the UK outside of Europe; “keep calm and carry on” until such a time that ‘out’ means “out”.
For more information on our ICT frameworks click here or email us at [email protected].
* The views expressed in this blog are those of the author and do not reflect or represent the views of YPO.