Technological and legal complexities abound in this age of heightened cybersecurity threats—including a rise in state-sponsored hacking. This “unprecedented challenge” was the topic of conversation between Dorian Daley, Oracle executive vice president and general counsel, and Edward Screven, Oracle’s chief corporate architect. Here are five key takeaways from their conversation:
1. Some good news: Businesses are aware of cybersecurity challenges in a way they were not even just a few years ago, when many considered security, generally, as a priority, but didn’t go much beyond that thought according to Screven. “It’s [become] a front-and-center kind of issue for our customers,” Daley agreed.
2. These same customers would like to make data security “someone else’s problem,” and are right to think that way, Screven added. In this context, that “someone else” is a tech vendor able to design technology that is inherently more secure than what non-tech businesses could design for themselves.
3. Regulations around data privacy are getting more complicated, starting with the European Union’s General Data Protection Regulation, Daley noted. The issues of data privacy and data security constitute slightly different sides to the same problem, she said, adding “what’s happening on the privacy side is really an explosion of regulatory frameworks around the world.”
4. There’s only so much that employees can do—no matter how skilled they may be. Recent research shows that while most companies cite human error as a leading cause of data insecurity, they also keep throwing more people at a problem that can’t really be solved without a level of automation commensurate with the sophistication and volume of attacks. “There is a lack of sufficient awareness about what technology can actually do for customers,” Daley noted.
Fast, “autonomous” or self-applying software patches and updates are a solid way to mitigate or even prevent data loss from cyber hacks. Many of the attacks and subsequent data leaks over the past few years could have been avoided had available software patches been applied in a timely fashion.
AI and machine learning tech can catch far more anomalies, like unauthorized system access, which might indicate a security problem much faster than human experts can, eliminating issues before they get serious.
5. Screven is skeptical that international treaties, if such things could be crafted, would eradicate state-sponsored cyber hacking because much of that activity happens under the covers by contractors that can be disavowed by the states.
Thus, “the same person who’s out stealing your credit card today is out trying to steal plans for [Hellfire] missiles tomorrow,” Screven said.
Full video of the talk can be found here.