As part of Information Security Awareness Month, UNICEF and ICC co-sponsored an Inter-Agency event in New York at UNICEF Headquarters called ‘Stay Safe: Advancing organizational mandates with strong cyber security programmes.’
The goal of the event was to engage and increase user awareness around cyber security issues through interactive discussions and presentations on challenges and opportunities faced by UN Agencies and the private sector.
This year’s event featured a keynote speech from Aradhna Chetal, Global Head of Cloud Security Architecture, HSBC and a member of Cloud Security Alliance, UN Agency executives and Chief Information Security Officers as well as cyber experts from all seven Agencies. Discussions focused on information protection and data privacy, personal data and Personally Identifiable Information (PII), linking concepts and policies to good practices, as well as how information management affects and aligns to organizational mandates and delivery.
- Introductions by Jorge Torres, Chief, IT Security, UNICEF
- Sammy Njoe, Deputy Director, Solution Centre and Support, UNICEF
- Anish Sethi, Chief, Clients and Projects, ICC
- Luca Baldini, Director, Information Technology and Solutions Office, UNFPA
- Keynote Speaker- Aradhna Chetal, Global Head of Cloud Security Architecture, HSBC.
Jorge Torres, Chief, IT Security, UNICEF, opened the session prompting participants to answer the question “It’s midnight. Do you know where you information is?”
Information security should be regarded as an enabler, not a disabler, for our organizations’ mandates.
Jorge Torres, Chief, IT Security, UNICEF
Sammy Njoe, Deputy Director, Solution Centre and Support, UNICEF, shared how important partnerships were to sharing responsibility and collaboration on cyber security awareness and protection. He noted “more and more every day we work in partnerships, especially in the UN. We need to be all at the same level of practice, application and understanding.”
Anish Sethi, Chief, Clients and Projects, ICC, discussed how information security directly relates to the aim of meeting the 2030 Sustainable Development Goals. He stated, “All SDGs are supported on platforms and technology. Security is crucial to all the goals the SDGs are addressing.”
To build the systems of tomorrow with a bedrock of security, we need to stand together. This forum shouldn’t end today or at the end of cyber security awareness month. We have to keep working in partnerships to succeed.
Anish Sethi, Chief, Clients and Projects, ICC
Luca Baldini, Director, Information Technology and Solutions Office, UNFPA, presented a case study on challenges and contexts for information security at UNFPA. He said that, “information security is a mental habit, not a legal need. It’s a matter of awareness.” With these remarks, he wished that participants would leave with more tangible ways to promote cyber security in all aspects of their lives.
Aradhna Chetal, Global Head of Cloud Security at HSBC, in her keynote address, provided stories and statistics to illustrate how a lack of knowledge and responsibility in cyber security affects us, from high level executives to pre-teen kids using social media. In one example, she noted that the shipping giant Maersk suffered black screens, damage to 4000 servers and hundreds of apps, with a $450M loss resulting in a 20% market share loss.
Chetal highlighted these incidents to show how sophisticated and covert cyber-attacks are getting and how unfortunate the consequences can be from innocent oversight in protecting one’s privacy and data.
She spoke about the risks of cloud computing with its benefits of speed to market, reducing capital and operational expenditures, the digital dependencies of smart cities and a world of increasing Internet of Things, as well as problems of global reach and internet accessibility.
Knowledge is power. We need to empower children, girls, women and the elderly, who are equally at risk. Also cybercrime doesn’t end at the borders. We have to collaborate, we all have to come together to recognize how to stay safe where we are, right now.
Aradhna Chetal, Global Head of Cloud Security at HSBC
After the keynote speech, there was a panel discussion moderated by Monica Price, Cyber Security Awareness Consultant for ICC and ex-World Bank Group expert. The panel discussion included:
- Jorge Torres, Chief, IT Security, UNICEF
- Thomas Braun, Chief, Cybersecurity Section, Office of Information and Communications Technology, UN
- Mila Romanoff, Data Governance and Policy Lead, UN Global Pulse
- Paul Raines, CISO, UNDP
- Sachiko Hasumi, Corporate Information Security and Compliance Manager, UN Women
- Aldo Gomera, Information Security Officer, PAHO
- Tima Soni, CISO, UNFPA and ICC and Chief, Information Security Services, ICC.
Monica Price, Cyber Security Awareness Consultant, ICC, moderated the panel, grouping questions around:
- Cyber Risks: Today’s Challenges
- Advancing Organizational Mandates through Awareness Programmes
- Awareness Programme Challenges.
On cyber risks, Paul Raines, CISO, UNDP, explained that he thought phishing was the biggest problem to handle, since it was getting more sophisticated and phishing emails were coming through to people that looked more and more legitimate than in previous years.
Mila Romanoff, Data and Governance Lead for Global Pulse, said that there is a problem with how security is treated legally. According to her and other panelists legal language on protecting information can be very broad and nebulous.
Jorge Torres, Chief of IT Security at UNICEF, said that a major problem is that cyber security is still viewed as primarily an IT problem, when it should as a problem for everyone to create awareness.
The other question posed by Price was whether innovation was a friend or foe, pertaining to cyber security. Aldo Gomera, Information Security Officer for PAHO, stated that he thought innovation was major positive asset to cyber security because it allows for us to always keep improving and have a broader reach for our services. He provided the example of how safer software is being created to operate without user intervention.
Thomas Braun, Chief of the Cybersecurity Section for the UN OICT, added that the only way for humanity to progress is through innovation. He said that with innovation we can find data’s value and use that data to drive progress and speak to one another on the issues we all face. He also noted the abundance of data risks and the need to discuss data scarcity – addressing when to ensure that we appropriately dispose of data, not just continue to accumulate it everywhere.
Tima Soni, CISO for UNFPA and ICC, added that innovation can be both a friend and a foe. She said while we can use innovation for the invaluable humanitarian work that many UN Agencies do, innovation can also be used by cyber-criminals to offset some of the positive outcomes of innovations.
Sachiko Hasumi, Corporate Information Security and Compliance Manager for UN Women said that the possibilities of innovation make it a friend, while its potential dangers make it a foe. She said if we realize both of these possibilities, then we can celebrate progress like sophisticated and safe software and Artificial Intelligence in the fight against cybercrime, as well as the human intellect and potential to make innovation work for us.
The event brought about quality discussions and invaluable points for participants to take back to their organizations, so that staff and stakeholders can further understand the value and importance of information security in delivering UN missions and mandates.