Security must now be discussed at the outset of everything. Examples are mounting on a daily basis of hackers and ‘bad’ actors reaping huge harvests from slack security practices.
For example, whatever you think about the Taliban, the US retreat and what comes next, one story is emerging that demonstrates exactly why security must be built in, even if there is no logical or foreseeable reason for it to be.
Amongst the stories of the eye watering amounts of armaments and money that the US left behind (they are not the only ones) are scary stories of facial recognition technology and databases that are available to whoever can access them.
But one story that should result in security professionals putting their heads in their hands and rocking backwards and forwards moaning is that ordinary Government databases were not secured. This is a classic example of why security must be top priority. Presumably in this case, the teams that set up the databases thought, ‘Oh, yeah, security. We’ll get to that later’.
Too late it turns out. And no wonder there are a lot of scared Afghans out there.
Of course, this is a high profile example but now we have a threat level of ‘daily and ridiculous’ when it comes to breaches and every example points ever more potently to the fact that security must be built in.
At least twice a week, a Feature appears on Disruptive.Asia warning of ever greater numbers of ransomware attacks and ever greater levels of extortion. Now, according to this story, the average ransomware attack cost more than half a million US dollars in the first half of this year.
This situation is, of course, good news for security companies and consultancies. Many are posting their best ever results. And, of course, companies big and small should use security companies to help with their defences.
Yet, even with the enormous amount of expertise and experience out there, it still falls to individual companies to discuss security as part of its strategy, however sick of it they are. And now we know that the trend of remote working will remain after the pandemic has retreated, it is even more important that Boards realise that security must be part of any and every plan.
The downside is too dark and scary for it to be anything else.