Latest CISO publications
The question of trust in technology is more pressing than ever. However, software, websites and apps are still being produced which fail to provide comprehensive security. Why is this still happening?
“I believe that part of what my job is, is social responsibility” says Simon Legg, who last September took on the role of CISO at car insurer Hastings Direct. For Legg, it’s about educating people to make better security decisions. And he believes there’s one key reason that businesses and security teams are still making mistakes when it comes to security.
“I’m trying to drive us away from this culture of thinking about security in non-functional requirement terms, and always, always, always thinking about it in functional requirement terms.” For Legg, a recurring problem that businesses experience is that when building services, they divide software design into two buckets: functional and non-functional requirements.
The topic of breach normalisation has been examined heavily before, but most of the discussion has centred around its obvious, negative effect – the desensitisation and numbing of society to each passing incident.
Tangible effects are rarely immediately apparent in the aftermath of a breach. News reports consequently lack visceral impact. It’s not immediately clear where data ends up — users are inclined to think there is a high chance that their data, representing one line in a tome of a database, might never be deployed against them.
“I’ve actually had journalists tell me this in the past. They would actually say it’s difficult for us to talk about because we don’t have a picture or video or something we can frame it against to capture people’s attention.”
But Pinkard says there are also positive effects to the phenomenon.
67 percent of UK business leaders say cyber security concerns are preventing them from adopting new technology and blocking their digital transformation strategies, according to a new cyber security report.
The report, conducted by EY, surveyed 175 C-suite executives at UK-based businesses to assess the state of the British cyber security landscape at the board level.