Out-Law News 2 min. read
25 Sep 2015, 2:38 pm
Dr Nithin Thomas, co-founder and chief executive of cyber security provider SQR Systems, told Out-Law.com that the development of cyber security standards would help "vendors produce products that make it easy" for companies to meet the requirements of new EU data protection laws.
He said there is "a lot of scope for innovation" in the development of new technologies that can help with compliance with the General Data Protection Regulation through an open standards initiative.
The common counter argument cited against cyber security standards is that the widespread adoption of technologies based on those standards could create widespread vulnerabilities across many IT systems if flaws are later found in those technologies.
Dr Nithin said, though, that standards could help address the "huge variation in the level of security" of business' IT systems that currently exist because it would lead to "baseline" measures being adopted across the board. Businesses could then add further layers of protective measures to depending on their budget and needs, he said.
"Not all organisations understand the cyber threat well enough to take a holistic view on what they need to protect," Dr Nithin said. "For example, some companies will protect desktop computers but not mobile devices. The issue is that because there is no baseline standard there are a lot of holes in the network and there is a patchy approach to security."
The General Data Protection Regulation is scheduled to be finalised before the end of this year and come into force two years later. The new legislation is expected to require businesses to implement stronger personal data security measures in future if they want to remain compliant with their data protection obligations.
Dr Nithin said the reforms will be one of the prompts for businesses to address the growing cyber risk they face. However, he said technology also has a "big role to play" in enabling better protection for business systems and data.
"It does not matter what regulation you push out there, if you do not have the technology you will have some sort of exposure in your network," Dr Nithin said.
A big issue that needs addressed is improvements to the usability of cyber security technologies, he said. The onus is on technology providers to develop new cyber security solutions that fit in seamlessly with what tasks users are performing as the risk is that staff will "bypass" security measures that "get in the way", Dr Nithin said. "The best security is the one you don't notice is there," he said.
The expert said that with the EU data protection reforms on the horizon, a "big concern" is whether UK organisations have access to sufficient cyber security skills.
Dr Nithin said that the UK is "at the forefront" in terms of increasing the pool of cyber security professionals, from initiatives such as the Cyber Security Challenge to the establishment of cyber security centres of excellence at some UK-based universities. However, he said there is risk that a shortage of skills could hamper organisations in implementing the technology that can help them repel cyber attacks and meet their compliance obligations.
However, Dr Nithin said he can foresee a positive future for cyber security businesses in London as a result of a "supportive" government and the proximity of the financial services industry to the startup community. This "concentration" can help cyber security startups develop relationships with customers in the City and trial new technologies, he said.
"We have an opportunity to build London as a centre of excellence for cyber security innovation," he said.