Security Overall Isn’t Adequate, Executives Acknowledge
Sure, security is important, but Steve Hunt on the SecurityDreamer blog makes the point that organizations aren’t doing enough to insure its adequacy. Even security executives, he’s found, acknowledge that that their own corporate information is at greater risk than it should be. He credits Edward Snowden’s whistleblowing for heightening the awareness of inadequate security.
“This surveillance and spying conversation sends shivers down the backs of security managers and executives…,” Hunt writes. And it’s not just information security, he adds. “Physical penetrations were even more frightening to some executives who were certain that their confidential company information could be collected and conveyed out of the building (in the form of printed documents, photos, memory sticks, etc) by
- an unauthorized visitor tailgating into the building
- an attacker bypassing security controls at doors and fences
- rogue employees or contractors (a la Snowden)
- an internal attacker of any type”
So look around your organization in earnest, without blinders, to assess your full degree of risk.