The importance of Information Security

cyber eyeInformation security has recently been making headline news with a growing rate of daily reports on cyber-attacks on individuals, businesses and government establishments. This has resulted in an increase in the need for infosec professionals with the proven skills to alleviate the growing cyber risks and attacks; so much so that the demand for experienced and qualified professionals has outstripped supply.

Kevin Henry is recognised as one of the Leaders in the field of Information Security worldwide and recently he visited Bournemouth University to give ‘An Overview of Information Security Today and into the Future’. He highlighted importance of the right Infosec practitioners by describing:

  • How important it is for businesses not only to have the right technologies in place but also the skilled operators to use them to their full extent.
  • Often there are several systems working side by side in a business, but not together, leaving gaps which can be easily exploited. It takes a skilled professional to see those gaps and close them.
  • The need for security to be reasonable, simple and without burden to the user was also stressed. It should not slow a process down but should always be one step ahead of the curve. However, there will always be a balance to be found between system security and availability.

Kevin emphasised the need for:

  • Building a strong security culture both in our individual lives and in our professional lives: we all rely on technology in one form or another so each individual needs to take responsibility and not rely on others to tell us what to do, we should all be using the mantra ‘security is my job’.
  • Security awareness is paramount, businesses need to be constantly reminding staff what they should and should not be doing. Importantly, security needs to be regarded as being a positive influence and not as merely catching people out when they do something wrong.
  • Businesses and Infosec professionals need to look ahead and consider where their business will be in two or three years’ time; what are the emerging technologies and how can we prepare and invest now?

Concluding thoughts on how businesses should manage Information Security:Due to the very nature of risk, specifically its unpredictability, it can be difficult to justify expenditure on systems and professionals mitigating it. By the same token, it is difficult to measure the success of implementing Infosec procedures and systems. Ultimately, each business needs to take ownership of the information they hold, whether it is Intellectual Property or the card details of customers and understand the impact of a security breach. A decision can then be made as to how much time and money to invest. Ignorance to the risks can no longer be used as an excuse, a security breach resulting in the loss of credit card details for example would be seen as irresponsible rather than unlucky.
The team at Bournemouth University Cyber Security Unit (BUCSU) have the skills and experience to assist businesses in developing their own personalised Information Security systems and processes. In addition we undertake bespoke security awareness training for all levels of staff. Our enterprise consultants can provide advice and assistance in accessing the various funding available to businesses to improve their Infosec position through consultancy and collaborative research. For more information on any of these points visit the BUCSU website or contact bucsu@bournemouth.ac.uk.