In the Netflix series Money Heist, a group of thieves plans for years to get into the secure vault of the Bank of Spain and reach the gold reserve. Cyber criminals are no different. As Chief Data Officers burn the midnight oil to create data assets that yield amazing insights or provide economic value to their companies, hackers burn the midnight oil to find ways to get to this data. So what do Chief Data Officers need to know, and what do they need to do, to prevent a great data heist?

The first risk that CDOs face is that people in the organization do not understand the value of data and consequently do not know how to handle it with care. The CDO must consider the CISO as the commander in chief of his or her army and work with them to embed security into data governance. Rules must be defined for controls along the data lifecycle, and guidance must be provided on data handling. Data platforms must be developed with security by design to future-proof the valuable assets being created and protect them from hackers.

The second area of focus for the CDO should be the insider threat. This may be malicious in a very small number of cases, but it can also be due to lack of knowledge. Prevention of data leakage is a primary control that the CDO should be interested in. Where and how might data leak, and what should the CISO be doing to prevent this, e.g. data encryption on endpoints and data leakage protection on email and cloud? Should the CDO be concerned about quantum computing: it may give them the horsepower to compute things magically fast, but will it also break all sorts of encryption, and should we be preparing for a post-quantum world?

The third concern of the CDO should be the vast amounts of data that are routinely given away to third parties for various reasons without any safeguards. What can the CDO and CISO do, as a joined-up approach, to keep control of this valuable asset? Contractual requirements are a good start, but how can we put together really good joined-up programs to identify what data is being given out and how it can be protected?

Finally, the opportunity for CDOs and CISOs to work together on complex cybersecurity problems is immense. For example, cyber risk quantification is one of the topics that organizations are unable to do well. This could be a great opportunity to drive value for the organization.
Chief Information Security Officer, Danone