VIDEO: Anatomy of a data breach

Introduction
Project Bijou is the ODPA’s social initiative to share stories and experiences to help drive cultural change regarding good data protection practices. 
In this episode we are joined by Kurt Roosen, an entrepreneur and head of innovation at Digital Isle of Man. He has 35 years of experience as an IT professional across various sectors including banking, telecommunications and education.
Kurt’s account of a cyberattack is a particularly dramatic tale. It’s also a lesson in how transparency and accountability are two of the most important tools in dealing with a data breach.

Content
  • Introduction by Bailiwick of Guernsey Deputy Data Protection Commissioner Rachel Masterton
  • Discussion between Rachel and Kurt Roosen, Head of Innovation at Digital Isle of Man



Key points:
  • 05:05 “From a logistical perspective, with no information, and not knowing how it happened, it was very difficult to see as a technologist how you could then plug that hole… We went through a significant legal challenge in the first place, a conversation with our lawyers, where we said, well we are going to try to manage that risk but we’ve got to take that risk so we can see them coming, to see how they did it and we had to overrule our legal advice in doing that which is quite an interesting thing to do.”
  • 09:23 “We also discovered that they had been sitting in our system for the best part of 4 years before they actually did anything, so they’d just been monitoring what was going on. I’ll take it as a compliment because I can’t take it as anything else, in their manifesto they said ‘clearly someone knows what they are doing now because security is getting tighter, and we are having to do more to get in’ well that was the actions we were taking. What I didn’t know however was that the reason they were able to react to that is because they were monitoring all our communications.” 
  • 11:04 (What Kurt was told by a third party) “In the course of normal operations you would expect to be protected by the systems you put in. However, the coordination of this event was so sophisticated that you were just outgunned and outmaneuvered. You didn’t do anything wrong, you didn’t leave anything open, they were just determined to get into your system.”
  • 11:39 “What we got was some very sophisticated people, state sponsored so they didn’t care how long these things took, who went, well because this has high (fire) walls, there must be something interesting behind it, so we are going to persevere.”
  • 21:40 “We certainly took the view that the bad guys share information, if the good guys don’t share information, we are on the back foot anyway, so we need to redress the balance.”
  • 25:23 “In business life more generally, people should be accountable for what they do. That’s part of their job and if you are going to run away from accountability then you shouldn’t be in that job in the first place.”
  • 26:48 “The day this breach happened, bear in mind that I’m in charge of IT at this point, so I’m accountable and responsible for this, so I offered my resignation on that day to the organisation. Their response was, well don’t be so stupid, who would deal with this?”
  • 27:28 “Taking responsibility for your actions and reacting in a way that meets the cultural requirements, societal requirements, all of those things, with senior people in senior positions particularly ones that are holding data because that’s a very precious thing and should be taken very, very seriously and I don’t think people should shy away from those accountabilities and responsibilities.”
  • 34:36 “Expect the worst and be very pleased when it doesn’t happen.”

Bio: 
Kurt is the Head of Innovation at Digital Isle of Man, which was created to support the tech sector, developing and implementing a strategy to support sustainable economic growth and establishing the Isle of Man as a centre of international excellence for the digital economy.
As an Executive Agency within Isle of Man Government's Department for Enterprise, Digital Isle of Man is a public/private partnership, acting as a key decision maker and advisory body for the economic prosperity of the sector.
Before joining Digital Isle of Man, Kurt worked at Cayman National Bank as Head of IT and before that was CEO of the Manx ICT Association (MICTA) which was the precursor to the Digital Agency. 
He has 35 years of experience as an IT professional across many sectors including Banking, Retail, Manufacturing, Telecommunications and Education. Kurt has also been an entrepreneur on the Island, founding and running an innovative IoM-based telecoms company with clients and staff all over the world in between working for two other banks in senior technical roles. He’s also written a book about using natural intelligence to manage artificial intelligence.