E-crime is posing a growing threat to businesses in Wales, a threat which is being highlighted at a summit being held in Newport in June. Martin Smith, chairman and founder of The Security Company will be one of the speakers at the event. Here he shares his views on the human element of information and data security...
The recent public sector data security breaches are simply higher profile repeats of similar breaches within the private sector which have surfaced with monotonous regularity over the past months and years.
They are tragic in every sense. They needn't have happened.
advertisement
Worse, they'll happen again next week and the week after, and they'll carry on happening.
In every case, these breaches have been as the result of simple human error.
In every case there was no technical defence which would have prevented the inadvertent loss or disclosure of massive amounts of valuable data.
The cost of cleaning up is immense - far more than the tiny sums that, if invested wisely, would have sealed the cracks in the dyke.
Where is the common sense? Where are the quick solutions?
The damage to the public's confidence in the ability or enthusiasm of any organisation - public or private, large or small - to protect personal and financial data is almost beyond repair.
This insidious lack of trust is percolating into every aspect of our personal and professional lives. It undermines the entire e-economy. It cannot be allowed to go on.
There are few grounds for pointing blame at the headline organisations - there but for the grace of everyman's God go the rest of us, and the real victim is once again poor Johnny Public.
The real blame lies in the way the security industry has traditionally approached data security.
Surely even the most ardent technologist must slowly be cottoning on to the fact that the current technical strategy is not (on its own) solving our problems. It seems to be almost every day now that the evidence of our failure stares out at us from the newspaper headlines with examples of harmful data security breaches. It's no wonder that our business masters wonder where their money is going. The criminals must be rubbing their hands with glee!
Of course security technology is essential or our systems and networks would be unusable. But despite the vast sums of money spent, IT systems at all levels and within most organisations remain inherently vulnerable to even the most basic of security weaknesses and vulnerabilities.
This is because we have focussed almost entirely on the technology. We may have paid some lip service to the processes that surround the technology, but rarely have we attended in any way to the third and most fragile element of this defensive regime - our people.
We insist on developing increasingly complex technical solutions for increasingly obscure and irrelevant problems. We focus on brain surgery while the patient dies of the common cold.
I have been in this business for more than 30 years, and I know perhaps as well as anyone that there can never be a guarantee of perfect security.
But the carelessness underlying the incidents that are occurring more and more often, and the ease with which the security and fraud prevention industries could reduce both their numbers and impact, are frankly a disgrace to us all.
The human aspects of security and fraud prevention need to be promoted to their rightful place alongside the technical wizardry.
Of course our work hasn't been worthless. Of course security technology is essential or our systems would be unusable. But awareness is the oil that will make our security management and fraud prevention systems run smoothly. We must harness the support and assistance of every one of our employees and our customers. We must explain to each of them in a language that is both relevant and understandable the risks inherent in the modern information society. We must tell them exactly what is required of them in their everyday behaviour in order to handle sensitive information in all its forms in a safe and secure manner. Unless we do this, our e-crime defences will never be complete.
If you liked this article and would like to share it with others on the web who might be searching for good content we've made it easy for you to do it.
At the bottom of all articles, you'll see links to six sites. These sites - commonly called 'social bookmark' or 'social news' sites - have large communities of web users who share and rate interesting, useful and fun things on the web.
Clicking the links will automatically add the address of the story you are reading to one of these sites, letting you share it with others. Each site will ask you to register to share stories. Registration is free and once a member, you can store, recommend and search for stories that interest you.
Print
Email this
Comment
