Catastrophic Risk, Compliance, and Data Security: Recapping Dynamic Connections 2019

Next: Category Is: Another Data Aggregator Breach
Previous: Terbium Labs Investigates Dark Web Fraud Guides for...
Writer Emily W.
April 11, 2019

Emily serves as the VP of Research at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

Terbium Labs recently participated in Dynamic Connections 2019, an annual conference put on by General Dynamics Missions Systems. The conference brought in more than a thousand practitioners from around the world for a week-long event filled with in-depth product training, industry presentations, and expert panel discussions. At Dynamic Connections, we found government and defense organizations focused on the same issues as their counterparts in the broader security industry: privacy, legislation, building resilient solutions to keep end users safe.

Over the course of the week, multiple sessions addressed the ongoing issues of data privacy regulations and security compliance standards, as organizations – particularly those handling sensitive information for government or military operations – find themselves in a maze of existing requirements and a steady barrage of new standards. An afternoon panel focused on domestic and global data protection regulations brought together industry practitioners and legal experts to navigate the proliferation of data privacy legislation. The panel included General Dynamics representatives like Sharon Dunbar, VP and General Manager of Federal Systems and Chuck Brooks, Principle Market Growth Strategist. Industry experts like David Levine, CSO at Ricoh USA Inc., and Peter Rubin, CISO at Tampa General Hospital, also spoke, along with Doug DePeppe of eosedge Legal, an attorney who formerly served as a White House policy advisor.

DePeppe’s message stood out, cutting through the noise of regulation to get to the heart of the issue. “The trend is not compliance,” he said. “The trend is data privacy.” Throughout the session, DePeppe referenced the General Data Privacy Legislation that came into force last year, along with the legislative trends developing in the United States with California’s data privacy law and recent decisions about consumer data protections from Pennsylvania’s Supreme Court, to name a few. He noted that law is a “trailing indicator” and a mechanism to restore imbalance, as is the case with data security where organizations face “catastrophic risk” and few legislative consequences. Misaligned incentives lead organizations to avoid implementing the appropriate security standards to achieve or maintain compliance. “These companies have to have their AAA moment,” DePeppe stressed, “breaking down on the highway before they take action.”

Once companies achieve compliance, they may still fall several steps short of meeting their duty of care. Duty of care is a moving target, and organizations focused on following the bare minimum of compliance standards are likely to face ongoing data security issues, and may face broader data ethics issues as well. Unfortunately, organization can be technically compliant with all rules and regulations and still be wholly negligent with consumer or employee data.

At Terbium Labs, we’re glad to see data security and data privacy at the forefront conversations about exposure, compromise, and risk. Terbium Labs remains committed to privacy first in data security solutions; that’s why we designed Matchlight with privacy in mind, and why we’ve built our organization around ethical, private data solutions that create a more secure world for our clients and their customers.

RELATED ARTICLES
announcements March 25, 2019
Privacy and the Dark Web - Our Announcement

In conjunction with the KNOW conference on digital identity, we’re excited to announce that we are partnering with the Omidyar Network to help and promote this conversation around “good ID.”

analysis March 20, 2019
Trends and Projections: Shifting Law Enforcement

For the first post in the Trends and Projections series, we unpack the increased law enforcement attention toward cyber-enabled fraud and the shift in resources allocated to taking down dark web communities trading compromised...