Don’t be blinded by your technology defenses

I recently created a course on the Global Risk Academy outlining the requirements of GDPR (https://globalriskacademy.com/p/gdpr). My objective was to guide organizations, other than those in the EU, to understand what they need to do to be GDPR compliant. Having immersed myself in the GDPR, I came to realize it represents a quite different perspective on cyber security than the one currently embraced by many cyber security professionals in the US.

The GDPR explicitly places privacy security requirements front and center. This places an onus on organizations to protect individuals' information that is in their possession. In the US, security requirements have primacy, which puts the onus on individuals and organizations to protect their own assets. This differing perspective of privacy versus security as the driver is not just semantic. It represents a fundamental difference in how to address the cyber exposures that we all deal with.

Let me explain. By focusing on the privacy of individuals' information, the EU has made it a priority that others protect the individuals' information in their possession. This takes the pressure off individuals to secure their own information while letting the EU bureaucrats believe that they are doing something.

In the US, by contrast, the focus is on technical security, which provides organizations and individuals with a structure that, if they follow it, will keep them safe. It appears that responsibility for protecting one's privacy remains with the individual.

Both approaches ignore the cyber exposures that individuals and organizations face every day because of their own behaviors. Some examples include the use of ‘PASSWORD’ as a password, not changing default settings on various devices, not performing updates on various devices, and believing that smart technology will protect you.

All the technology in the world cannot protect an organization from ill-informed personnel or willful, arrogant behavior.

We strongly recommend that you consider addressing all your cyber exposures. Not sure what that means or how to do it? Try our course on understanding cyber exposure at the Global Risk Academy (https://globalriskacademy.com/p/cyber-exposure).
