It’s no secret that the bill for keeping compliant in today’s highly regulated economy is more than most organisations would care to cough up. With GDPR and the NIS Directive on the horizon, this tangled web of organisational responsibility is only set to become more tortuous for those responsible for compliance. Thirst for knowledge around GDPR has resulted in an explosion of products, services, events and training, all geared towards making the transition to “GDPR compliant” as smooth and economical as possible. One organisation which has been leading the way in helping organisations get up to speed with GDPR is MetaCompliance. Experts in developing innovative Simulated Phishing, eLearning, Policy Management and Privacy software, MetaCompliance specialise in risk prevention and remediation. Cyber Insider caught up with MetaCompliance’s CEO Robert O’Brien shortly after he delivered a talk at this year’s Cyber Security Summit and Expo, to unearth what risks organisations and individuals should be aware of and how MetaCompliance keeps its finger on the pulse of cybercrime and data compliance.
Spearheading MetaCompliance’s current scaling phase, Robert brings with him not only extensive experience with global giants such as Capita and Intergraph Corporation, but also entrepreneurial maturity, with the founding of three technology companies under his belt. When we asked Robert how he saw the relationship between cyber and society evolving, he was quick to identify the disconnect between our understanding of the importance of digital technology and our denial about our dependency on it. Techno-glutinous organisations and individuals thus remain blind to the hazards lurking within, but Robert states that he is helping “organisations and people to wake up to the reality of this situation, to make them more vigilant of cyber risks and as a result build internal resistance within people’s customs and practices.”
Ensuring that customers maintain an awareness of risk requires the entire team to practise what Robert calls “eating our own dog food”. As well as using its own products for internal operations, staff are taught to cultivate their own domain knowledge and to keep ahead of the curve by sharing information. This information sharing is also practised outside the company, with a litany of memberships of various InfoSec associations, in order to keep products and practices up to date with today’s ever-evolving threats. Furthermore, Robert and his team foster close interaction with customers, as well as a culture of getting out to events and connecting with the industry at large, to stay well informed of customer needs and up to date with the various nuances of modern cybercrime. One such trend which occupies the thoughts of Robert and his team is the threat of cybercrime to the most vulnerable, such as children; he states that “the overlap of IOT and children’s toys is an area that will increase in the significance of this threat to families.” Robert tells us that such threats are only exacerbated by the proliferation of expertly designed hacking tools, referencing ‘weaponized vulnerabilities’ such as the infamous WannaCry, which was built on a foundation of exploits stolen from the NSA.
Though such exploits were met with a concerted response from the cyber security industry and governments the world over, Robert cautions against complacency, warning that “In the new year as WannaCry and NotPetya fades from our collective consciousness, I feel there will be another wave of attacks”. Preparing for this wave is the responsibility of all organizations; it is also something which is being made easier thanks to standards and legislation such as ISO 27001 and the GDPR. For Robert, organizations should take these keystone articles of good Cyber Practice by the horns, embedding them into the day-to-day of business practice. Robert also echoes the message of the UK Government’s National Cyber Security Strategy in stating that the responsibility for cyber security rightly sits with boards, owners and operators, claiming that “Once it’s ‘baked’ in at the top of the organization, it’s easy for the internal professionals to be more empowered to really harden their security posture.”
See a copy of Robert’s slides from his talk “A Dummies Guide to GDPR: Getting Down to Business with European Privacy” and find out more about Robert and MetaCompliance.