How to stay secure in a digitised world

#KingstonCognate introduces Tomasz Surdyk

Information security, personal data and cybersecurity expert.

With over 24 years of experience in IT security within governments, Tomasz is a leading figure when it comes to information security, personal data and cybersecurity. In the past, he has inspected ICT systems and networks that process classified information and personal data in government administration. He has a security clearance in NATO and the EU.

For several years, he has been the owner of a company specialising in the implementation of secure solutions increasing the security of business information and personal data. As part of this role, he has been carrying out audit activities in various public and private entities throughout EU countries. Furthermore, he is an accomplished advisor in the field of personal data protection, information security, identity theft and cybersecurity, as well as banking secrecy. He was one of the first experts to implement personal data protection in the Polish police.

How digitisation and security have progressed

The constant progress of digitisation has a significant impact on the security of information processed in the digital world. Digitisation not only means technological development but is also associated with various types of threats affecting public and commercial entities. It opens gates for hackers who effectively use the weak points of IT infrastructure systems for nefarious purposes, causing sustained commercial and reputational damage to organisations. In 2020, 64% of organisations experienced at least one cybersecurity incident. How can you effectively counter these emerging threats? What countermeasures can be taken?

The importance of cybersecurity skills

An important issue impacting cybersecurity is the shortage of specialist security experts. More specifically, the industry is lacking the types of qualifications and investment required in IT infrastructure security. According to the report "Cybersecurity Barometer", 58% of the surveyed companies admitted that the pandemic increased the risk of cyberattacks. However, only 23% of them have increased their budgets to ensure security in this area.*

These factors have a significant impact on the threat of cybersecurity failures and the resulting risks to organisations. Despite continued reports of data breaches and cyber threats in the news, IT security seems not to be high enough on the agenda for almost 60% of businesses. It’s therefore unsurprising that IT security experts are underutilised by the majority of companies. There are often situations where IT teams do not have the expertise to implement appropriate security strategies. A lack of expert supervision, and of the tools needed to prevent attacks, opens the door to vulnerabilities in wider IT systems. It is apparent that employees are not being given appropriate training in cybersecurity best practices, and that their awareness of threats in cyberspace is therefore negligible.

Key roles in data protection

Another area of IT infrastructure that is often forgotten is supervision by data protection officers in the areas of personal data processing. The tasks of the data protection officer have been incorporated into the regulations of the European Parliament and the EU Council. The role is important in ensuring security in IT systems, as data protection officers are responsible for the risk assessment of data processing operations. They must also consider the nature, scope and purpose of those operations.

Reporting violations

Many entities do not report any breaches related to hacking attacks, data leakage, data loss or theft. The lack of reports is due to the fear of being held liable under regulations such as GDPR (General Data Protection Regulation). The reporting entities are also afraid of receiving high financial penalties and claims for damages and being responsible for the loss of the company's reputation.

Lack of investment in the right IT tools

In light of today’s heightened risks and the unprecedented amounts of data being processed and stored, IT security should be considered a priority. However, the present level of investment in the tools that prevent data loss is insufficient. Despite technological advances in data protection, many organisations have not adapted to what is available and are not equipped with the latest solutions.

An all-too-common example is equipping employees with unencrypted USB drives to store and transfer sensitive data, a risky practice usually driven by cost-saving measures. In the event of data loss or theft, access to this data is not secured in any way. This loss may not only lead to a breach of the company’s data, but it could also affect its reputation and lead to high financial penalties and lawsuits.

Over the past few years, many cases of loss of portable media have been reported. One of the more recent examples in Poland is an incident involving the loss of an unencrypted USB drive by a probation officer. Subsequently, the Office for Personal Data Protection determined that this was due to the lack of appropriate technical and organisational measures put in place. This oversight meant that the level of security did not correspond to the risk of processing data on an unencrypted USB drive, which led to the loss of this data.

Investing in encrypted USB drives is prudent and relatively inexpensive when you consider the protection they offer, even if the worst were to happen and the device were to be lost. Not only are you getting a versatile work tool, but also a locked safe that stores data, making it inaccessible to any unauthorised individuals.
