The week in security: Rethinking security in the GDPR age

It’s been over a year since the European Union enacted its GDPR data-privacy legislation – and as experts debate its effectiveness, there were concerns that many Australian companies still don’t even understand their potential liability under the new and potentially onerous laws.

No wonder employers are willing to pay extra for good cybersecurity skills – which they need for all kinds of reasons but, new snapshots of Australia’s skills market revealed, often can’t get hold of.

Some of those are high-level analyst skills, while others are just related to keeping ahead of the unrelenting volume of threats and challenges – which Cisco highlighted by noting an increase in phishing emails to Office 365 users.

Skills issues were a recurring theme at the AUSCERT 2019 conference, where there were discussions about the challenges of adequately resourcing cybersecurity teams.

Sessions were also exploring the challenges that the confluence of myriad security issues has created for modern CISOs, shaping a data breach pipeline that gets more problematic every day.

Sometimes it takes an outlier to shake things up – as ‘Security Empress’ Jessy Irwin found as she explored different perspectives on how to design security policies. Design those policies based on what we know about people and not against what we know about them, she said, and you may get a better result than what’s been going on so far.