On May 31 – June 1, the first Risk-In conference took place at the Radisson Blu in Basel, Switzerland, writes Lina Kolesnikova.
Thirty-four speakers presented 29 interactive sessions during these two days. Crisis Response Journal congratulates Stephen Martin and Antoine Lacombe for a very successful start.
It is no exaggeration to say that the topic of cyber risks and cyber security dominated all other risk-related issues over these two days. According to the Institute of Risk Management, cyber risk means any risk of financial loss, disruption or damage to the reputation of an organisation arising from some sort of failure of its information technology systems.
Cyber risks are no longer just a matter for IT personnel; they are a concern for the entire organisation, and the whole of society, on a global level. In some ways, we have reached a point of real war between cyber attackers and cyber defenders.
Last year we saw a large number of high-profile cyberattacks, including Uber, Deloitte, Equifax, etc.
Unfortunately, we also witnessed the rocketing increase in ransomware attacks (for example, WannaCry - click here and here) on companies and organisations worldwide, which incurred enormous financial costs.
Several speakers addressed the issues of how an organisation can tackle the growing problem of cyber risk. Private sector spend on the latest technological products are growing in geometrical progression, but do companies actually understand cyber threats and following risks for their own organisations? Have they taken all the necessary steps to protect their own enterprises against all current and potential future cyber threats?
It is vital to be armed with the right information, and from there you can start to build a cyber risk strategy that makes sense for your organisation.
Some presentations addressed the topics of growth in connectivity between the digital and physical worlds, and the acceleration in commercial deployment of innovative technologies such as the Internet of Things (IOT) and Artificial Intelligence (AI). The forecast is not optimistic – this interdependence will expand potential avenues for cyber attacks and increase the risk of aggregation effects. All these changes mean cyber security is an ever more challenging area for companies.
Speakers from the private sector invoked closer co-operation with other players: governments, law enforcement, lawmakers, insurance companies, etc. The cyber threats are global and without common efforts will be impossible to cope with.
There were several timely appropriate presentations on Blockchain technology: how it disrupts the financial world and which of the legal challenges the crypto ecosystem is facing today, as well as why that is and what can be done to maximise the good that Blockchain technology can bring us in the future.
GDPR is a hot topic everywhere and it Risk-In conference was no exception. What is GDPR? What type of risks are connected with GDPR to companies – financial risks, reputational risks, operational risks, etc? (See here and CRJ 13:3 – Data Protection, by Sam Forsberg - subscribers only).
One very interesting discussion was held during the session examining the influence of social media and the risks to companies that are associated with social networks. On the one hand, social media has become a powerful tool for businesses to use in connecting with their customers. The medium has certainly made major corporations more accessible to the consumer. But with this ease of accessibility comes risk in many forms.
Criminals can use social media to target employees within businesses in an attempt to commit crime. The variety of information that can be found with simple open source intelligence (OSINT) techniques on the Internet is unbelievable.