IT and law are to an increasing extent merging, and a large part of enforcing cyber security takes place within the frameworks of GDPR, NIS, and so on. Formal requirements for information and cybersecurity are increasingly being developed, and it is therefore essential to be aware and ahead of what new policies and legislation may demand of your organisation.
Cybercrime is one the most rapidly evolving forms of crime, where businesses and authorities alike are constantly exposed to attacks, which can disrupt operations, potentially costing the company millions. In order to effectively identify potential hackers and attacks it is important to understand which methods are used, and which initiatives can be implemented as a response.
Securing and maintaining company data is of increasing importance, and now requires more than mere technical IT security. Legislation, such as GDPR, and intensifying pressure from cybercriminals means that demand for internal information security is at an all-time high. Therefore, knowledge of the best tools and practices are necessary, while also working with information security, law, and employee behavior.
The knowledge and sophistication of cybercriminals is continually evolving, and from a technical perspective, also ahead of the curve. New technologies and developments such as quantum technology and machine learning provide an entirely new array of possibilities - both offensively and defensively.
IT security no longer exclusively exists in a basement's server room. Companies should tackle IT security risks in the same way as with any other form of risk management. The Danish government has, in accordance with Denmark's new combative cyberstrategy, clearly stated that the responsibility for IT security lies with the top management. Therefore, management must be properly prepared and aware of the responsibility of handling cyber threats, and treat it with the same level of urgency as any other external factors that may affect the business.