Silks at Crown Sydney recently played host to a very memorable roundtable which brought together leading Australian cyber security practitioners to discuss the topic of Protecting User Privacy in an Era of Great Turbulence. \n\nThe CSO Australia event - in association with Thales and Tech Data - provided a terrific opportunity for all attendees to share experiences and insights on important cyber security challenges that organisations are facing today, with a particular focus on how maintaining and enhancing data protection processes can strengthen user privacy. \n\nModerated by Ed Kennedy, Editor of CSO Australia, the conversation illustrated the importance of ongoing dialogue within the Australian cyber security sector regarding the discovery, classification, and protection of data. Alongside this, other key topics discussed were regarding who should have access and control, compliance requirements, and incident response mechanisms. \n\nFor Erick Reyes, Strategic Clients Director for Thales, the dialogue surrounding the dynamics of data and risk was particularly vivid. \n\n"This event highlighted how securing data is critical in mitigating risk and providing control to an organisation's critical assets."\n\n"A particularly insightful discussion point surrounded the embedding of data security in our processes, to protect our businesses and customers from the risk of cyber breaches and meet compliance. In turn, another key takeaway from this discussion is that organisations should look to proactively pursue ways to embed cyber and data security in their business processes, and not simply do so as an afterthought", said Mr Reyes. \n\n"Ultimately, embedding data security in the business process will help organisations meet their regulatory compliance, their data sovereignty requirements, and mitigate the risk of data being exploited during a cyber incident. This will help organisations protect their critical assets, and - as other attendees also mentioned - protect their customers."\n\nMr Reyes' thoughts found much common ground with the post-event reflections of Richard Charlton, Business Development Manager for Tech Data.\n\n"Tech Data was delighted to join the discussion on modern best practices for data protection with these forward-thinking organisations", said Mr Charlton.\n\n"The future of data security relies on scalable, swift, and data-centric approaches. Businesses must continuously adapt and respond to emerging challenges."\n\n"Organisations need to integrate security seamlessly into their processes to ensure asset security, compliance, customer protection, and data-driven innovation."\n\nThis roundtable was held amidst a period of time where increasing pressure has been placed upon Australian enterprises surrounding the protection of data they hold.\n\nWithin 2022 and 2023, numerous high-profile breaches of leading Australian enterprises have occurred. Such events have led to demands that organisations be held to higher standards, and generate greater in-house awareness and capabilities to anticipate such threats. \n\nThese incidents have also driven organisations to review and refine their own cyber security practices, and to reassure their customers that every possible step is being taken to ensure the protection of the data which these entities hold. \n\nFurthermore, the push to change the Privacy Act 1988 by the Australian government in the wake of numerous high-profile breaches to strengthen privacy laws and increase fines for data breaches, has placed additional pressure upon enterprises.\n\nSuch matters were discussed in-depth during the roundtable, and remain topics that warrant ongoing conversation in the Australian cyber security community, as noted by numerous attendees during their reflections following the event.\n\nAs one attendee shared after the roundtable, "I think an important learning I had from this event is that organisations are now much more aware of the threats occurring, or the possibility of them occurring.\u201d\n\n\u201cEducating internal staff from top to bottom with onboarding and training efforts initially, and ongoing learning and awareness endeavours generally, is vital. I also think the ad-hoc simulation of a threat taking place, and aligning your necessary teams to act on that situation, is an especially good practice and awareness tool."\n\n"What's more, setting up frameworks and processes like ISO27001, NIST, and PCI-DSS, are prudent in organisations. Also, instilling the DevSecOps culture and practices is imperative, and knowing where your data sits - and where and what it traverses - is important to understand for any organisation." \n\nAnother attendee shared, \u201cAs cyber security leaders, many of us have seen the advent of many new technologies over the years. AI is the latest of these, and it has sparked a great deal of robust debate thanks to pop culture phenomena like the Terminator movies."\n\n"AI, like other new technologies that have come before it, has the potential to deliver both positive and negative outcomes. By collectively deciding what we want AI to be, we can avoid the mistakes of the past and ensure that we don't find ourselves expending additional efforts in trying to impose retrospective controls down the track."\n\nCSO, Thales, and Tech Data, thank all who attended this roundtable.