While our team recovers from a busy three days at RSA San Francisco, we look back on some of the bigger takeaway points to learn from the event.
We absolutely loved attending the RSA Conference, enjoyed learning about the freshest cyber security software and hardware on the market, and want to share a few of the things we learnt from our adventures in the USA.
Here in the UK, we are used to working with organisations that understand there is only so much software can do to protect them from a data breach. In the USA, however, there seems to be a huge focus on buying a piece of software and expecting it to fix all of an organisation's cyber security problems.
Figures from the UK’s Information Commissioner’s Office (ICO) obtained by Egress Software Technologies revealed that almost two-thirds (62%) of the incidents reported to the ICO were caused by human error, compared to the 9% of incidents from insecure webpages and hacking combined.
Computer Weekly also reported that a further 17% of breaches came from loss and theft of paperwork, while in 9% of cases, data was emailed to the wrong recipient.
A piece of software cannot patch every human error that leads to a data breach, but training and consistent behaviour reinforcement can significantly reduce the likelihood of one.
Advances in technology allow organisations to protect against a lot of serious threats, but they do not protect organisations from the biggest cyber threat of all: human error.
Another lesson we learned from visiting the RSA Conference was that a lot of large and respectable firms do not believe that the General Data Protection Regulation (GDPR) applies to their business, but in reality it does.
Put simply, if a business stores or processes data from users or consumers within the EU, it needs to adhere strictly to GDPR legislation.
There is a lot of misinformation out there regarding the GDPR, especially for international businesses that trade or function with businesses or customers within the EU. The new GDPR legislation expands the definition of sensitive and personal data to be more than simply a person's name.
Personal data includes anything that can be used to identify a person: photos, financial information, medical records, fingerprints, social media posts and more. If an organisation outside the EU is collecting information on EU citizens that could be used to identify them, it needs to adhere to the GDPR.
Our final key takeaway point from our trip to the States is that there is an overriding 'It won't happen to us' mentality.
Alongside the belief that technology has everything covered, organisations have an ingrained lottery mindset: they assume they won't be targeted, and that if they are, they are too tech-savvy to be caught out.
The naive reasoning of “We’re too small” or “We don’t have anything of value” is putting US organisations and personal data in jeopardy. The important thing to remember from an organisational perspective is that no matter how big or small your organisation is, you will be targeted.
It's not a matter of if, it is a matter of when! Today's cyber criminals are driven by a range of motives, not just financial gain but also the desire to ruin the reputation and image of an organisation.
Playing the chance game puts you at risk, so organisations need to act now before it is too late.
RSA in summary
Our first major US event was a fantastic experience for us, and it most certainly will not be the last time the Bob’s Business team go stateside on a mission to revolutionise cyber security.
Thousands of organisations in the US of all shapes and sizes are threatened by breaches on a daily basis and RSA San Francisco taught us valuable lessons about the state of cyber security in the US.
If you are a US organisation looking to provide world-class cyber security training, click here to find out more about our award-winning training packages.