Security is a topic that seems to slip in and out of priority in organisations primarily based on experiences within (a hack) or without (a massive hack that gets publicity) but just too often in ways that are reactive. And there is inherent tension between getting stuff done and doing things securely because the only completely secure system is the one you never switch on. Unfortunately that particular system then itself causes many issues of security in its absence and people find insecure workarounds.
Today’s information and cyber security landscape is undoubtedly full of threats; in his recent work Cyber Wars, Charles Arthur classifies the source of threats into three main categories: amateur meddlesome “kids”, professional criminals and state-sponsored experts. As Sony Pictures found out in recent years, it’s not just other nation states that are vulnerable to the latter category these days.
There’s little doubt, though, that it’s far easier to get security initiatives up and running in the aftermath of some sort of incident, in the same way that it’s way easier to sell a burglar alarm to someone whose house has just been ransacked.
I’ve recently launched Stamp London’s first physical product – a set of playing cards called CIO Priorities. You can find out more about them here, and order a set for yourself here (or simply download the PDF and print them out).