Bridging the gap: Security & Compliance



Some CISOs fear auditors more than they fear actual hackers…

Pieter de Lange is CISO at Transdev Nederland. Pieter has broad, global experience advancing information protection and (regulatory) compliance practices for the organizations he has worked for.

In his CISO strategy he merges threat mitigation, compliance and basic security hygiene into one plan, to generate the most business value. He is passionate about making information security easily understandable for everyone in the organization.

Transdev Nederland is part of the global Transdev Group, a world-class player in the mobility market: operating in 19 countries in 2023 and committed to sustainable public transportation for all passengers. Transdev Nederland works on safe and modern mobility solutions by bus, train, tram, taxi, ambulance and other means of transport.

Compliance has become a central concern since regulations such as the GDPR, the CCPA and a growing list of national data-protection laws came into force. Many organizations have rightly made compliance a priority, but does being compliant actually make them more secure?

The unfortunate truth is that a company, program or appliance can be compliant with every relevant regulation and still be poorly secured. An audit verifies that the required controls exist and are documented at a point in time; it does not verify that they hold up against an attacker who is actively looking for the gaps between them.

In this ‘Bridging the Gap’ episode of Threat Talks, host Lieuwe Jan Koning, special guest Pieter de Lange (CISO Transdev) and ON2IT CISO Tim Timmermans discuss how to bridge the gap between compliance and practical cybersecurity requirements.

Compliance isn’t the be-all and end-all of cybersecurity; so how should we approach it?

P.S. Think you can spot the secret code in this episode? Join the treasure hunt, submit the code and win your very own Threat Talks t-shirt!

Deep Dive – Accellion File Transfer Application

You’ve diligently chosen a file transfer tool that is widely trusted, certified and compliant with all the necessary regulations – so you’ve done everything right, yes? But what if being compliant doesn’t actually mean you’re secure?

For this Deep Dive, host Lieuwe Jan Koning is joined by Threat Intel Specialist Luca Cipriano and CISO Tim Timmermans as they explore a critical case study: Accellion.

Over 300 companies, including major players like Shell and the Reserve Bank of New Zealand, relied upon this trusted secure file transfer solution.

But when an attack hit its legacy version, these organizations found out the hard way that compliance doesn’t always equal security.

Deep Dive – OKTA Data Breach

How does a company specializing in Identity and Access Management like OKTA suffer a data breach?

In this case, a service account password was inadvertently saved by an OKTA employee to their personal Google account, which led to the credentials being leaked. The incident exposed a significant gap that compliance alone had not closed, and showed how a single human error can result in even the most well-respected cybersecurity companies being compromised.

In this Deep Dive, Tim Timmermans (CISO ON2IT) and Rob Maas (Field CTO ON2IT) join host Lieuwe Jan Koning to unpack how this breach occurred, and what lessons we can all learn from it.

If even cybersecurity companies are vulnerable, how can you ensure your organization stays protected?

Deep Dive – Capital One Data Breach

Capital One, a leader in finance, learned the hard way that even compliant systems fail when they are not configured correctly. In this Deep Dive, we explore how a single misconfiguration in their web application firewall (and an attacker with insider knowledge) led to over 100 million credit applications being exposed.

Host Lieuwe Jan Koning, Tim Timmermans (CISO ON2IT) and Luca Cipriano (Threat Intel Specialist ON2IT) reveal how this could happen, and what lessons we can all learn from it. How do you make sure you catch misconfigurations? And what other steps can you take to protect yourself against data breaches?
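The episode blurb above does not spell out the mechanism. In the public record of the Capital One case, the misconfigured web application firewall could be made to forward requests to the cloud instance metadata service, which handed back the credentials that were then used to read the data. The question "how do you catch misconfigurations?" therefore has a concrete detection answer: watch for inbound requests that try to steer the WAF or application at a metadata endpoint. The Python below is an added example, not code from ON2IT, Threat Talks or Capital One. It scans constructed access-log lines in the common "combined" format (the sample entries, client addresses and timestamps are made up for this illustration) and flags requests whose query values or path embed a URL pointing at a metadata address, including the bare-integer and double-encoded forms attackers use to slip past naive string matching.

```python
"""Flag inbound requests that try to reach a cloud instance-metadata service.

Added example (not ON2IT's, Threat Talks' or Capital One's code). The log lines
in SAMPLE_LOG are constructed to resemble what a WAF or reverse proxy writes.
"""
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qsl, unquote, urlsplit

# Names and address ranges the AWS, GCP and Azure metadata endpoints answer on.
METADATA_NAMES = {"metadata.google.internal", "metadata", "instance-data"}
METADATA_NETS = [ip_network("169.254.0.0/16"), ip_network("fd00:ec2::/32")]
# Paths that hand out cloud credentials or tokens; a hit here is the high-severity case.
CREDENTIAL_PATH_RE = re.compile(
    r"security-credentials|service-accounts|/metadata/identity/oauth2/token", re.I
)
URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^\s\"'<>]+")
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = [  # constructed lines for this example, not real traffic
    '203.0.113.7 - - [19/Mar/2019:04:11:59 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Mar/2019:04:12:03 +0000] "GET /fetch?url=https%3A%2F%2Fexample.com%2Flogo.png HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [19/Mar/2019:04:12:07 +0000] "GET /fetch?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F HTTP/1.1" 200 1188 "-" "curl/7.64.0"',
    '198.51.100.23 - - [19/Mar/2019:04:12:09 +0000] "GET /fetch?url=http%3A%2F%2F2852039166%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 412 "-" "curl/7.64.0"',
    '198.51.100.23 - - [19/Mar/2019:04:12:15 +0000] "GET /proxy/http%253A%252F%252Fmetadata.google.internal%252FcomputeMetadata%252Fv1%252Finstance%252Fservice-accounts%252Fdefault%252Ftoken HTTP/1.1" 403 0 "-" "curl/7.64.0"',
]


def metadata_target(candidate):
    """Return (host, path) if `candidate` (a URL or bare host) points at a metadata service, else None."""
    text = unquote(unquote(candidate))  # decode twice: double encoding is a common filter bypass
    parts = urlsplit(text if "://" in text else "//" + text)
    host = parts.hostname
    if not host:
        return None
    if host.lower() in METADATA_NAMES:
        return host.lower(), parts.path
    try:
        # Accept dotted-quad, bare-integer ("2852039166" == 169.254.169.254) and bracketed IPv6 forms.
        addr = ip_address(int(host)) if host.isdigit() else ip_address(host)
    except ValueError:
        return None  # an ordinary hostname, not an IP literal
    if any(addr in net for net in METADATA_NETS):
        return str(addr), parts.path
    return None


def find_ssrf_to_metadata(lines):
    """Scan combined-format access-log lines; return one dict per request aimed at a metadata service."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Both query values and URLs embedded in the path are SSRF sinks worth checking.
        candidates = [v for _, v in parse_qsl(url.query, keep_blank_values=True)]
        candidates += URL_RE.findall(unquote(unquote(url.path)))
        for cand in candidates:
            found = metadata_target(cand)
            if found:
                host, path = found
                hits.append({
                    "client": m["client"],
                    "target": m["target"],
                    "metadata_host": host,
                    "path": path,
                    "credential_path": bool(CREDENTIAL_PATH_RE.search(path)),
                })
                break
    return hits


if __name__ == "__main__":
    for hit in find_ssrf_to_metadata(SAMPLE_LOG):
        severity = "HIGH" if hit["credential_path"] else "MEDIUM"
        print(f"[{severity}] {hit['client']} -> {hit['metadata_host']}{hit['path']}  ({hit['target']})")
```

Detection of this kind is the alarm, not the fix: the misconfiguration itself is closed by denying the WAF host any egress to link-local addresses and, on AWS, by requiring the session-oriented IMDSv2 so that a forwarded GET cannot fetch role credentials. Note that the third sample line returned HTTP 200, which is exactly the case a status-code-only dashboard would never surface.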

Did you know?

Each series of Threat Talks episodes comes with its own infographic, detailing all the threats that were discussed.

If you’re looking for a brief overview of these threats, listing each specific step the hacker took, and what mitigations would’ve helped stop them, check out our Compliance infographic!

Stay up to date with the latest developments in the world of cybersecurity! Alongside industry experts, we explore recent cyber threats, what their impact was and how to prevent these threats in the future.