Intellectual and industrial property, personal data, bank data, providers and client directories, personal communications.. Nowadays, data is one of the...
Describing Cyber Security as a risk is a language oddity that keeps appearing at an alarming rate. It is a dangerous and simplistic shortcut: Cyber Security results from the proper application of proportionate Controls to protect an organisation from the Cyber Threats it faces. Cyber Risk results from the absence or inefficiency of such Controls.
Fundamentally, the Board of Directors needs to go back to basics on cyber security matters: Time has now gone to continue approaching cyber security purely from a Risk perspective. Risk is ultimately about “things that may or may not happen”. When it comes to cyber security, the Board should start from the premise that cyber attacks are a matter of “when”, not “if” – and should shift the focus towards understanding and managing what is actually getting done to protect the organisation.
I’ve been talking about the subject of information security weaknesses in smart buildings for a while now, and maybe it’s coincidence, or maybe just an example of the Baader-Meinhof effect, but the news around this has appeared to be getting noisier recently.