TALKING business

How do regulations (like GDPR for example) impact the industry?

JEFF OGDEN, GENERAL MANAGER – MIDDLE EAST AND INDIA, MIMECAST

Hospitality is probably the sector that is most affected by GDPR when looking at how the legislation impacts countries outside of Europe. That’s because it’s the one industry that tends to store and process data from individuals all over the world.

If a European were to travel to any hotel in the Middle East, that hotel would have to ensure they are GDPR compliant because they would now be responsible for storing and processing that individual’s data.

It also tends to be an industry that stores some of the most confidential information, like passport numbers. GDPR requires organisations to obtain explicit (opt-in, rather than opt-out) consent from the owners of this data at the time of its collection. They must demonstrate they have proper controls over the processing and security of personal data, including how data is used, stored, kept up-to-date, accessed, transferred and deleted.

Organisations in the hospitality sector are likely to have customers who agree to having their data stored because it is important for the effective management of loyalty programmes or ensuring returning customers receive the highest quality service. So it’s important that the right measures are in place to ensure the best possible protection of this highly confidential information.

GDPR should be seen as a solid best practice for security and marketing guidance instead of just another compliance burden. And with more legislation like this popping up around the globe, organisations should evaluate their security and privacy projects through a GDPR methodology to ensure that they are adequately future-proofed.

What steps should businesses and organisations operating within the sector take to mitigate cyber-risks?

JEFF OGDEN, GENERAL MANAGER – MIDDLE EAST AND INDIA, MIMECAST

It is important that these organisations have the right measures in place to be able to face cybersecurity challenges and ensure they are resilient. Organisations need to have effective, layered security controls before, continuity during and automated recovery after an attack.

It’s important to have a comprehensive cyber-resilience strategy in place, employ skilled cybersecurity employees, have a plan to keep email running and be able to recover data in the event of a successful ransomware attack.

Another important step would be to have effective and regular cybersecurity awareness training. Many hospitality staff members are dealing with the personal data of their customers and so they need to be cyber aware.

While most organisations offer some kind of training, it’s often ineffective, boring or not provided often enough.

Training needs to be engaging, delivered persistently and it needs to concentrate heavily on helping employees detect and avoid cyberattacks.

HARISH CHIB, VICE PRESIDENT, MIDDLE EAST AND AFRICA, SOPHOS

and technologies in their attacks. Instead, they use multiple techniques in connected, coordinated assaults.

For example, they might start with a phishing email that includes a malicious URL, clicking on which connects you to a command and control centre. Using a combination of credential theft, privilege escalation and malicious executables, they then carry out their ultimate goal, which could be stealing your data, or holding your data for ransom.

A disconnected approach to cybersecurity struggles to fight back against these complex, coordinated attacks. This is where cybersecurity systems come in: integrated products working together to outsmart today’s hackers.

Companies need to re-think the traditional approach of ‘layered security’ and think more about ‘cybersecurity system’.

With the latest Deep Learning technologies, new cybersecurity solutions can now take action faster than an IT manager predicting issues and stopping threats before they can enter an organisation’s network.

www.intelligentcio.com