Data security is more than just an IT problem

There was a coincidental, but important, thread running through the articles in this week’s issue of Computer Weekly magazine. Take a look: Barclays encrypting software applications; the EU boosting its cyber defences; the debate over security in the cloud; and the challenge of tackling phishing

It is entirely by coincidence that so many security-related stories have made it into this issue – and equally timely as the world witnesses what has been called the first ever cyber weapon attack, the Stuxnet worm.

According to virus experts, Stuxnet is the most sophisticated malware yet created, targeting industrial control systems in a way that genuinely raises the prospect of a Hollywood movie-style covert attack on a strategic facility. The worm has the potential to alter equipment settings such as temperature controls. It has been suggested that Iran’s nuclear processing plant is a possible target, and now it seems Stuxnet has reached China.  

If those experts are correct, Stuxnet represents a serious escalation in the fight against cybercrime. It has been suggested that the virus required significant financial and technical resources to create – on a scale only available to governments or major international organised crime groups.

If it all sounds a bit apocalyptic, then it is also easy to be cynical and point to cyber-scaremongering from the security software industry who can only benefit from such heightened fears.

Nonetheless, the threat is being taken very seriously – a US cyber security chief has even suggested in the past that the next international war will be in cyberspace.

For IT leaders, security is of course a top priority, an ever-present in strategic planning. It is unlikely that situation will change.

But what the emergence of new threats such as Stuxnet means is that information security cannot be seen as an IT issue – it has to be taken as seriously by the CEO as by the CIO. IT security is not an insurance policy, it is a strategic prerequisite for every modern internet-enabled organisation.