As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.
We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues.
Our expert panel included InfoGovANZ Advisory Board member Dr Peter Chapman who brings expertise in cybersecurity and Information Governance. He is currently a Director in the KPMG Forensic Technology practice and his previous employment includes positions as a Director leading the Sydney Forensic IT practice of PricewaterhouseCoopers, and Acting Sergeant in the NSW Police High Tech Crime Unit.
- Massive social and political upheaval across the globe, combined with equally large changes to our standard business processes, created a perfect storm scenario for cybercrime and data breaches by well organised cybercrime gangs, as well as nation-state actors.
- Many are predicting that even post-COVID, we will see knowledge workers increasingly working from home, effectively flipping the concept of ‘BYO device’ on itshead. Organisations now need to be aware of home working environment security as much as BYOD issues.
- The good guys are currently losing the battle for online security –we have seen the rise of ‘malware-for-hire', more targeted ransomware attacks and highly sophisticated attacks on the ‘supply chain’ of software updates (SolarWinds) –demonstrating that not even the experts (FireEye) and ‘secure’ government agencies are immune from such threats.
Actions for leaders
- Be realistic about cyber-based threats and consider breaches as a question of ‘when’ and ‘what’ rather than ‘if.’ What changes do you need to make, with regard to your core Internet operations and approaches to technical data management, to significantly reduce this threat? (for example, TimBerners-Lee idea of ‘data-pods’ and decentralisation).
- Ensure your organisation has really covered the basics of data management (what do we have, where is it, who has access, how is it protected and when do we get rid of it). Given the current state of play, holding onto sensitive data unnecessarily may end up being more damaging than not having access to that data in the first place.
You can read the insights from the rest of our expert panel in our InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report. The report was developed from a virtual forum discussing the impact of COVID-19 and IG implications for organisations on data, access to information, trust, transparency and accountability, cybersecurity, global privacy regulatory developments, eDiscovery, ethics and artificial intelligence.
You can also watch the recording of the 28 January 2021 webinar here.