White Label Consultancy

Our Partner for Cyber Security André Årnes presented on the critical topic of #cloudsecurity from a Cloud Security Alliance Norway meeting in Oslo yesterday, alongside Per Jakobsen from the Public Sector Marketplace for Cloud Services #mps at Direktoratet for forvaltning og økonomistyring. #securityleadership #cybersecurity #dataprotection

An update from the Norwegian annual event #Attack2024 by our Partner for Cyber Security André Årnes - on digital threats against critical infrastructure.

Our Partner for Cyber Security André Årnes contributed to the Norwegian #governance, #risk, and #compliance network gathering hosted by JUC in Oslo yesterday, alongside Hedvig Moe, Gunhild Hernes Synnestvedt, Andreas Fredriksen, and Eirik Strømmen Engum, focusing on national and societal security and the regulatory landscape surrounding digital security with a focus on #NIS2 and #DORA, with(unavoidably) a flavor of #AIAct. One clear takeaway is that successful compliance and security strategies are rooted in well-coordinated risk management, building on: 👩💼 Board and top management ownership – Ensuring senior leaders take ownership and understand the full scope of the risks involved. ⛑ Roles and responsibilities – Maintaining consistency in who does what, whether in routine operations or crises. 🛤 Business continuity – Being prepared with a robust plan for handling unexpected incidents. 🤼 Collaboration – Recognizing that digital security is not just a tech issue; it’s also about governance and third-party risk management. 🗝 Culture building – Developing a solid culture of security and compliance at all levels in the organisation. This discussion is a powerful reminder that stepping beyond traditional compliance and into a proactive advisory role is crucial in today’s landscape. Thanks to the network group leaders Siri Skollerud-Blegen and Marianne Støkken Pilgaard for the valuable exchange! #SecurityLeadership #NationalSecurity #SociatalSecurity #DigitalSecurity

The 9th Edition of GovWare held recently as part of Singapore’s International Cyber Week, brought the global cybersecurity community of experts, vendors, practitioners, and academics together under the theme of ‘Securing Dynamic Digital Roadmaps: Relooking Signposts in Identity, Trust, and Resilience’. Once again, artificial intelligence (AI) has taken centre stage, underlying most sessions and stamping its growing importance in the cybersecurity field. On the other hand, quantum computing’s impact should not be underestimated. The top three takeaways: 1. The progress of AI governance with regulations such as the EU AI Act is much welcomed and needed, but the focus on the AI ecosystem and traditional/non-AI systems is largely ignored. As such, will such regulation effectively deter cyber threat actors already leveraging AI technologies and methods against traditional/non-AI systems to achieve their intended goals? Complementary regulations such as the EU Cyber Resilience Act could be expanded to address such gaps. 2. The trinity of cybersecurity threats fueled by AI and quantum technologies could form an ideal storm. Collectively, they introduce rising complexity, scale of attack surfaces, and methods at an alarming pace that existing defense mechanisms, be it people, processes, or technologies, would be overwhelmed if they remained status quo. ‘We are not ready for AI’ organisations would be wise to reconsider their stand given the risks posed, especially those in critical sectors such as national infrastructures, financial services, and health, to name a few. 3. The clarion call to action for increased public-private collaboration is evident and observed in regional/country-driven efforts such as the EU’s NIS2 Directive and Singapore’s Cybersecurity Act. Cyber threat actors are collaborating globally to increase their effectiveness and share lessons learned. Therefore, it is clear that public and private organisations must do the same to better defend against such threat actors. White Label Consultancy has extensive experience supporting organisations with cyber security advisory and leadership. Reach out or schedule a call to learn more about our service offerings and how we can support your organisation. #govware2024 #govware #sicw2024 #artificialintelligence #quantumcomputing #ciso #cybersecurity #securityleadership

AI is rapidly advancing, and one outcome of such advancements has been the emergence of deepfakes. Whilst deepfakes can have beneficial uses across marketing, entertainment, retail, education, healthcare, and cultural applications, they also pose severe risks, including identity fraud, non-consensual manipulation, privacy violations, the spread of disinformation and national security risks.. Last month, the Saudi Data & AI Authority (SDAIA) published their ‘Deepfakes Guidelines’, a set of comprehensive guidelines to address the implications of deepfake technologies, with the aim of mitigating their associated risks. The Guidelines are separated into distinct sections with guidance provided specific to developers, content creators, regulators and consumers.  Other regulatory frameworks governing deepfakes or AI have predominantly focused on high-risk situations, and obligations upon developers and creators. Interestingly, the SDAIA Guidelines not only highlight malicious uses, but also discuss beneficial uses for deepfakes, and go one-step further by providing recommendations for consumers.  One of the most interesting aspects of the Guidelines is the section dedicated to consumers, and how people can potentially detect deepfakes. The Guidelines recommend that consumers assess the message, analyse the audio-visual elements such as the blinking patterns and lip-syncing, and where possible, authenticate the content. It is also strongly recommended that consumers report a deepfake, where it has been deployed for a malicious reason. Some of our key observations :  1. The Guidelines establish ethical principles for deepfake technology developers and clear guidance for content creators. This objective is closely aligned with the EU AI Act, whereby developers are obliged to promote responsible creation and implementation of deepfake technologies, emphasizing transparency, consent, and respect for privacy, with content creators instructed to adhere to ethical standards and legal requirements.   2. For deepfake technology developers and content creators, the Guidelines recommend the implementation of strong data protection measures, ensuring that consent for using personal data is secure and companies maintain transparency regarding how deepfakes are generated.  3. Notably, when reviewing the Guidelines, its alignment with international standards and regulatory frameworks is clear, as many of the principles and provisions contained within the Guidelines have been mapped and show their alignment with the GDPR, national data protection laws.      White Label Consultancy has extensive experience supporting organisations with cyber security advisory and leadership. Reach out or schedule a call to learn more about our service offerings and how we support your organisation. #securityleadership #cybersecurity #cybersecuritymaturity #cyberleadership #cybersecurityframework

📢 Join Us! 📢 We are currently looking for talented individuals to join our team, with two positions open. If you're interested in being a part of our dynamic and dedicated team, we encourage you to apply if you haven't done so already. Please note that due to the high initial interest and numerous applications we've received, our job listings will only be available until October 27th. Make sure to submit your application by the deadline to seize this opportunity! Thank you for your interest in joining us. We are eager to explore your applications! https://lnkd.in/dS5gpR8a https://lnkd.in/dmrgiybj #JobOpportunities #Careers #Hiring #Deadline #ApplyNow #WLC

Over the past month, we participated in Plenary Events for three significant EU research projects for which we are partners: AI4Gov, Bio-Streams, and MobiSpaces. For AI4Gov, our special counsel Silvina Pezzetta, alongside our data protection consultant Lucrezia Nicosia, took part in a Plenary Meeting in Madrid, Spain. This meeting allowed us to align internally with the consortium on project status and objectives; as a legal expert partner, we also answered the ethics board members’ questions. In addition, we presented the self-assessment tools we are working on to the consortium to address the recently passed AI Act requirements. Finally, this meeting included an Open Day hosted on September 26th. The general public and civil servants engaged with us, showcasing our progress and fostering a closer connection to the valuable work we’re doing. In Bio-Streams, we gathered with consortium partners for another productive Plenary Meeting in Maribor, Slovenia. During this meeting, Lucrezia Nicosia presented critical updates from a legal and ethical standpoint, ensuring that Bio-Streams not only pushes the boundaries of innovation but also adheres to the highest standards of compliance and responsibility. Additionally, our special counsel Marcelo Corrales Compagnucci participated in the Fourth General Assembly Meeting for MobiSpaces in Larnaca, Cyprus. This gathering featured insightful discussions on project management, AI-based data management for green operations, and large-scale analytics, further strengthening our collaboration and advancing our project goals. As we move forward, our involvement will continue tackling various aspects, ranging from data protection to artificial intelligence, security, ethical challenges, and gender considerations. As we provide legal and ethical input to these projects, we are committed to learning in a field that is rapidly expanding and evolving, with the objective of always staying at the forefront of technological innovations and legal challenges. Exciting times are ahead, and we’re thrilled to be part of these impactful journeys! #privacy #artificialintelligence #security #innovation #europeanunion

🚨Today, the 17th of October marks the deadline for EU and EEA Member States to transpose the NIS2 Directive into national law. 🚨 By the 17th of October, all EU and EEA Member States were mandated to adopt and publish the required measures for implementing the NIS2 Directive, which becomes enforceable from tomorrow, the 18th of October. This Directive, which came into force in January of 2023, aims to enhance the resilience and security of network and information systems across various sectors, recognising the increasing threat of cyber incidents. With its ambitious goals, the transposition of the NIS2 Directive has faced challenges. Member States having several months to implement the NIS2 Directive into national law, Belgium, Italy, Hungary, Lithuania, Latvia and Croatia are currently the Member States with completed transposition. Interestingly, over the last few months, following the transposition status of several States has been increasingly difficult with some States not publishing updates. Many Member States are still reviewing drafts within their Parliaments, with updates likely to be provided in the coming days and months. You can see more about the current transposition status of the NIS2 Directive in our map below. Practical steps for organisations: - Understand Your Obligations: Organisations should assess the specific requirements of the NIS2 Directive relevant to their specific sector. Organisations should have a clear understanding of what is expected in terms of risk management and incident reporting. - Assess The Current Cybersecurity Measures: Organisations should evaluate their existing cybersecurity practices against the new standards. Possible gaps and areas of improvement shall be identified. Implement Necessary Changes: Organisations should actively work on enhancing their cybersecurity posture. This might involve tasks like updating the incident response plans, investing in new security technologies, or conducting employee training. - Engage with Regulators: Organisations need to stay in communication with relevant authorities to ensure compliance and seek guidance where needed. This proactive approach will clarify expectations and definitely reduce potential incidents. - Foster a Culture of Cyber Resilience: Organisations should encourage all employees to prioritise cybersecurity. Regular internal training and awareness campaigns will develop the employees’ knowledge in the area but will also improve organisation's overall security posture. White Label Consultancy has extensive experience supporting organisations with cyber security advisory and leadership. Reach out or schedule a call to learn more about our service offerings and how we support your organisation #cybersecurity #securityleadership #NIS2directive

On 10 October, the Council of the EU formally adopted the Cyber Resilience Act (CRA). The CRA builds on the EU’s Data and Cyber Strategies and forms an important part of the upcoming EU certification schemes, e.g. the EU Cloud Services Scheme and the EU ICT Products Scheme. In operation, the CRA will ensure that cybersecurity requirements are implemented for products with digital elements with a view to ensuring that products, such as connected home cameras, fridges, TVs, and toys, are safe before they are placed on the market. Simply put, the new laws will apply to all products that are either directly or indirectly to another device or to a network. As stated by the Council of the EU: “The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components, for example ‘Internet of Things’ (IoT) products, are made secure throughout the supply chain and throughout their lifecycle.” The CRA is an important legislation in the EU cybersecurity landscape as it will be the first of its kind in the world. The CRA seeks to harmonise rules and standards when bringing to market products or software with a digital component. It aims to establish a framework of cybersecurity requirements that govern the planning, design, development, and maintenance of such products, with obligations to be met at every stage of the value chain. Finally, the CRA creates an obligation to provide a duty of care for the entire lifecycle of such products. Following the adoption from the Council of the EU and upon it being published in the EU’s official journal in the coming weeks, the CRA will enter into force twenty days after publication. Notably, the CRA will apply 3 years (i.e: likely 2028) after its entry into force with some provisions to apply at an earlier time. According to the CRA, administrative fines for violations can reach up to EUR 15 million or 2.5% of a company’s annual worldwide turnover. You can read more about the CRA and its applicability in our recent whitepaper on EU Digital Regulations, which can be accessed here: https://lnkd.in/diSQ8nDe White Label Consultancy has extensive experience supporting organisations with cyber security advisory and leadership. Reach out or schedule a call to learn more about our service offerings and how we support your organisation. #securityleadership #cybersecurity #cybersecuritymaturity #cyberleadership #cybersecurityframework

Many countries have adopted data protection laws and regulations. While the EU’s GDPR is well-known, different jurisdictions have their unique frameworks. To help navigate the laws of the region, as the leading data protection consultancy in the GCC, White Label Consultancy has created a comprehensive comparative table examining the GDPR alongside data protection laws in the UAE, KSA, DIFC, and ADGM. Our analysis covers key elements like data processing requirements, data subject rights, and reporting obligations, with colour coding to highlight similarities and key differences. This resource is especially useful for practitioners in the GCC region and organisations operating across multiple jurisdictions considering expanding into the GCC region. Check it out to stay informed and compliant! You can download the full analysis via our website: https://lnkd.in/dCHTZfrP At White Label Consultancy, we can help you comply with your obligations under a variety of data protection legislation around the world. We support many organisations in the EU, US, and GCC region and we are the appointed DPO for many global corporations operating in the GCC region. Reach out or schedule a call to explore how we can assist your organisation in fulfilling your data protection obligations. #dataprotection #privacy #GDPR #GCC #UAE #KSA #ADGM #DIFC