Editorial: People will always be the weakest link

By on
Editorial: People will always be the weakest link

At the recent RSA conference Europe, the final keynote speaker was the former politician and governor of Hong Kong, Chris Patten.

In a briefing with journalists, Patten appeared somewhat bemused to be at such a technical conference and admitted little understanding of the technology under discussion on the stands and the sessions. However he declared himself "no more out of his depth than most politicians" and bemoaned the lack of awareness of IT within Whitehall.

It's to RSA's credit that a figure like Patten was invited. Histhoughtful and opinionated speech was a welcome cap to three days ofintensive technical discussion on security-related topics. His grasp ofthe big issues, from Iran, North Korea, global warming and, in his pithyunderstatement, the "not wholly successful invasion of Iraq",crystallised what this business is ultimately about: maintaining andboosting business continuity in uncertain times.

As we adjust to the emergence of China and India, the challenge ofglobal warming and regulatory creep, those working in informationsecurity will see their roles and responsibilities change. It's alreadyhappening.

The 2006 IDC/(ISC)2 Global Information Security Workforce Study has justbeen published, and we have some of the highlights and an exclusiveinterview (page 42). What stands out is that the focus has shifted tothe people and processes in the security mix, which are now thought tobe of higher import than technology. As the report says, manyprofessionals have been saying this for years, but now the message seemsto be hitting home.

A real-life incident brought home how easily organisations can becompromised by their people's lax approch to security. Forced to standon the train, I happened to look down and caught a glance at theThinkPad a fellow traveller was working on. Standing behind his seat, Ihad a pretty good view of the email he was responding to. Now, becauseI'm journalist and nosey, I couldn't help but read what he was workingon. I was soon well equipped with detailed contingency plans for theLondon HQ of one of the world's biggest oil companies.

This isn't just a failure of information security; it's the entirebusiness culture that needs changing. Fortunately for those involved, asthe editor of SC, I'm not about to reveal the information I gleaned toanyone, but the incident bears out exactly what the IDC report wastalking about.

Here was a man committing a cardinal sin, and one that owes little totechnology. He was responding to sensitive company emails in a publicenvironment, with no regard to who may be looking over his shoulder. Hewas also carrying sensitive information on his laptop. How secure thatdata is anyone's guess, but I'd be worried.

Mr ThinkPad is an accident waiting to happen. It's the copier syndrome -you can put in as much technology as you like, but you can't stopemployees leaving confidential documents lying around in big piles nextto the Xerox machine.
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?