Why have a DPO? The economic benefits highlighted

Filed under News.

The CNIL¹ has published a study entitled ‘What are the economic benefits of having a DPO in a company?’, which shows that appointing a Data Protection Officer (DPO) offers companies more than just compliance and legal protection; it also provides them with a valuable economic resource. Here is an overview of the main benefits identified by the study:

- Competitive advantage: GDPR compliance reassures customers and increases the chances of winning bids.
- Reduced risk of penalties: the DPO prevents data breaches and safeguards the company’s reputation.
- Fewer data leaks: the DPO’s action enhances security and reduces the impact of cyberattacks.
- More efficient data management: less unnecessary storage, reduced costs, and better internal organization.
- A profitable investment: companies that view compliance as a lever reap measurable benefits.

You can find the entire CNIL study in the original French here: https://www.cnil.fr/fr/quels-benefices-economiques-du-dpo-en-entreprise

¹ The Commission Nationale de l’Informatique et des Libertés is the French Data Protection Authority.

IDPS-ESCAPE (v0.4): RADAR for enhanced SOAR Capabilities

Filed under News.

Risk-aware Anomaly Detection-based Automated Response

The IDPS-ESCAPE team is excited to announce a major update to the RADAR subsystem, delivering new SOAR capabilities for automated threat detection and response in modern Security Operations Centers (SOCs).

Launch of our new Whistleblowing service – WBaaS

Filed under News.

itrust consulting is pleased to announce the launch of Whistleblowing as a Service. WBaaS provides a way to report violations of the law within a company without repercussions for the employee, ensuring conformity with the law of 16 May 2023, concerning companies with over 50 employees and communes with over 10 000 inhabitants. The service includes the setup of an internal channel, and our expert will review any reports made via the platform to verify the appropriate anonymization and clarity of the information provided. Only authorized and mandated people of the targeted organization get access to the report. It is possible to make a report via phone call or in a meeting, but the easiest method is to file it on the platform, which guarantees the highest security standards.

Cybersecurity: An opportunity for vendors – a nightmare for insiders

Filed under News.

Article for Lëtzebuerger Gemengen

At a time when organized crime has found a goldmine in cyber-attacks, generating profits faster than drugs, and when heads of state intent on endangering our democracy are funding cyber-crime, defense no longer holds water, and leaders are repeating their mistakes, according to Carlo Harpes, head of itrust consulting and a dedicated insider since 1992.

Cybersecurity: An opportunity for vendors – a nightmare for insiders

Filed under Publications.

Article for Lëtzebuerger Gemengen

At a time when organized crime has found a goldmine in cyber-attacks, generating profits faster than drugs, and when heads of state intent on endangering our democracy are funding cyber-crime, defense no longer holds water, and leaders are repeating their mistakes, according to Carlo Harpes, head of itrust consulting and a dedicated insider since 1992.

Is now the right time to sell cybersecurity enhancements?

Many companies sell monitoring, detection and insurance tools, which decision-makers buy to ease their conscience rather than to control the situation. This often increases complexity and dependence on the cloud and external players, who are better armed, but also more exposed to large-scale breakdowns. So we need to reduce these dependencies and strengthen local skills and means of action.

Can you illustrate these dependencies?

Ukraine got cheap communication terminals from Starlink before realizing that they depend on one person, Elon Musk, who has the power to decide whether or not to shut down the majority of military communications. Many companies create subcontracts with no exit plan and no idea of the cost of a divorce. Wind turbines in Europe were at a standstill at the start of the war over Ukraine following a cyber attack on communications equipment in the Viasat satellite used by over 5,000 wind turbines.

The EU has passed a directive on cybersecurity, NIS2. Will it be effective?

At the NISDUC user conference organized by ILR in Luxembourg in May, the experts all agreed: NIS2 simply makes mandatory what every organization should have done long ago. NIS2 does not prescribe technical solutions, but rather risk management, i.e. adequate documentation of risks and countermeasures, assumption of responsibility by management, which can be disavowed if necessary, orientation towards standards, and mandatory security in certain areas, such as asset management.

What’s the situation in Luxembourg?

Sad, which brings me to my first nightmare: the HCPN and Parliament have failed to transpose the directive within the 2-year timeframe. At the beginning of May, the Minister Delegate expressed the hope that this would be done by the end of 2025, i.e. more than a year late. Where are Luxembourg’s ambitions for leadership in digitalization? The legislator received 10 well-founded formal objections, and 7 months later, no correction is available. That’s why several potential customers have told me they’d rather wait for the law and an ILR order than prepare now. For security managers, this…