One of the topics that has always lurked in the background is now very much at the forefront of technology conferences like HP Discover in Barcelona. In fact, of the numerous challenges facing IT (and their overarching businesses) HP describe Security as being in the top 3 of all areas of focus in the organisation. One would assume #1, so long as it’s monetised 🙂
But why hasn’t security always been at the forefront over the latest gadgets or even Cloud? In effect, I think the world is only now suddenly waking up to the fact that their personal information can be used for more than credit card fraud. Recent compromises by media organisations such as Wikileaks highlights that anyone in possession of private information (even third party contractors) can do enormous, irreversible amounts of damage to anyone implicated in that information. Up until these sort of incidents began to occur, most business owners and technology stakeholders felt rather immune or that security issues could easily be contained with a few password changes and a recovery from backup.
At all levels of Government, Corporate and Local Business hacking attempts are occurring every single day minute of the day. Even members of my family who run a small training organisation had their web page hacked and vandalised inadvertently by an Indonesian hacking organisation pissed off at the Australian Government while they carried out a malicious attack on Australian web hosting company Yodel.
At I Know IT, we have seen a dramatic increase (think once a year 5 years ago, to once a week) in hacking attempts on clients who in most cases wouldn’t consider themselves to be a target. The reality is, everyone is a target because these hackers are random and potentially automatically targeting just about anyone to see “what shakes loose”. Fortunately we’ve been able to proactively prevent any compromise of client information by using highly secure firewalls and antivirus software that notified us and blocked any further access to the offending attackers.
Today’s topic on Security with HP was interesting but I was left with a sense that to be honest, nobody really knows how to standardise Security in a business sense. Much of the big issues are occurring from within. If the NSA can get hacked or be compromised, what chance do the rest of us have? Instead, we are handed down big lofty security compliances that might suit big, lofty organisations, but even then most of the focus group agreed that not even your airport or bank completely comply with IT security standards yet.
Personally, I think it’s a re-think of what is sensitive information, and what is not. We assumed that it was all credit card fraud and organisational IP secrets but it goes much deeper than that. It’s the construction and re-use of that sensitive information that is accelerating because technology is accelerating along with it. Thus, we need to educate our people about their use of IT in much the same way we’re told to keep an eye on our personal belongings. Furthermore, we can’t just pay lip service to security anymore. It is the #1 threat to the trust we have in our technology systems.
Of course, I’m no security expert. But in this rapidly changing IT environment, is anyone?
I’m just finishing off day 3 at HP Discover but there’s plenty more to discuss. Follow the conversation @JamesVickery or leave me some feedback below.