The current topics of cyber security
In conversation with Harald Erkinger and Christoph Mondl about New Work, opportunities and risks
Harald Erkinger, CEO of CIS, and Christoph Mondl, Co-Managing Director of Quality Austria, will open this year's CIS Compliance Summit on September 19th, 2023, around the topic "New Work - Potential or Provocation for Security and Privacy".
We brought the two of them together for a virtual roundtable to talk about New Work, opportunities and tips.
"New Work" - what exactly is the meaning the concept and does it really have a future?
Harald Erkinger: As we all know, digitalisation has left its mark on many areas - the labor market is no exception, and "New Work" has definitely come to stay. "New Work" is a collective term for many changes in everyday working life, which are increasingly demanded by young employees in particular. These include flexible, location-independent work, a great deal of self-determination, decision-making authority and individual break arrangements. If companies want to survive on the labor market and score points with the younger generation, they have to keep up with the demands and the pulse of the time - especially regarding the current situation of a shortage of skilled workers.
What impact does "New Work" have on cyber security and privacy?
Harald Erkinger: With the departure from traditional hierarchies, working hours and locations, "New Work" poses challenges for many companies and their information security officers or CISOs (Chief Information Security Officer). Employees act both as an opportunity and as a risk in this situation: Appropriate sensitization, awareness creation and social engineering at all hierarchical levels are essential. Cyber attacks and hackers are always adapting to the pulse of time. For example, the time attackers need to gain access to a network is becoming shorter and shorter (according to the Global Threat Report, this was around 1 minute and 24 seconds on average in 2022).
However, a corresponding security culture, systematically underpinned for example by management systems and standards such as ISO 27001 for information security, ISO 27701 for data protection, or ISO 27017 or ISO 27018 for cloud services, helps to uncover optimization potential and continuously develop further.
BYOD (bring your own device) is also often mentioned in one breath with future-proof concepts. How do you see this, and what are the benefits and risks of employees using their own devices?
Christoph Mondl: The abbreviation "BYOD" stands for "Bring your own Device" and means that people work on their private devices and not on devices provided by the company. On the one hand, this means more flexibility for employees if they can work on the devices they are used to, but on the other hand, it creates additional issues for the company if many different private devices are used and stored data is ultimately difficult to control.
A middle ground would be "COPE" (Corporate Owned, Personally Enabled) or CYOD (Choose Your Own Device) - where the devices remain the property of the company but can also be used for private purposes - this method would combine the best of both worlds, so to speak.
Regardless of what technical measures are taken regarding data protection, it ultimately always comes down to the human factor. The most important thing here is to create a security culture and keep the entire team updated regularly with information on current threats and security measures.
What basic tips should companies follow when it comes to cyber security?
Christoph Mondl: We often talk about the continuous or ongoing improvement process, i.e. a kind of regular stocktaking: where do we currently stand as a company? Where do we want to go, what are our strengths, where are our weaknesses? It is equally important to spread a healthy skepticism and awareness. This goes hand in hand with the principle of "think, then click!"
Employees, but also managers, must have an awareness of dangers in the network and learn how to deal with them. A proactive measure - should an emergency occur - is an emergency plan, which is most easily achieved by implementing business continuity management in accordance with ISO 22301.
In a little less than two months, the CIS Compliance Summit 2023 will take place again. What is your concept this year and what are you most looking forward to at the trade event?
Harald Erkinger: On September 19th, at the CIS Compliance Summit, the topic "New Work - Potential or Provocation for Security and Privacy" will be rolled up in many different ways. From theory to practice, from German to English, from tried and tested systems to innovative, new methods; once again, it is an event for everyone! Especially the bilingualism is a big step towards internationality and shows the future direction of the company.
In addition, the "CISO of the Year" competition will take place again. The award underlines the importance of the Chief Information Security Officer (CISO) profession. These are often the "silent heroes and heroines in the background", but at the same time they are taking on an increasingly important role in times of increased cyberattacks - which is why I am particularly looking forward to the presentations of the winning projects.
It is also the first CIS Compliance Summit in the role as Managing Director for me, so I am very much looking forward to welcoming and meeting many people on site. Registration is open until the beginning of September!