As a digital forensics investigator, Vesta Matveeva of Russia's Group-IB has great insight into the latest cyberattack trends - and the attackers. What conclusions can we draw about how to bolster defenses in 2018?
Organizations need to develop "a friendly business relationship" with law enforcement so they can share information about a data breach to help with the investigation, says Luis Cerritos of the Royal Canadian Mounted Police.
Organizations that must comply with Europe's GDPR need to identify gaps in their ability to meet various requirements, including making prompt breach notifications and gaining consumers' consent to store their data, says Sunil Chand of Grant Thornton.
All the key players of a company's management group, including the CISO, need to be involved in the decision about whether to invest in cyber insurance, says Greg Markell of Ridge Canada Cyber Solutions, a cyber insurer.
Canada had been lagging behind the U.S. and some other nations in terms of breach notification regulations, but now it's catching up, says attorney Imran Ahmad, who explains new regulations that are going into effect.
When creating a security action plan, not enough organizations include provisions for communicating with the police, says Kenrick Bagnall, a detective constable in the cybercrime unit of the Toronto Police Service.
Craig Gibson of Trend Micro has spent more than a decade researching the topic of security orchestration. He offers tactical advice for how organizations can best deploy their human resources to best maximize security across the enterprise.
In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.