Physician, heal thyself - higher standards needed

It saddens me to see good security initiatives holed by sloppy security practice. My in-tray has been full of emails urging me to comment on reports about the lack of security in the web site for the UK Cyber Security Challenge, sponsored by leading security institutes such as the UK Government’s Office of Cyber Security, the SANS Institute, the Institute of Information Security Professionals and QinetiQ.

Operational security is easily overlooked when dealing with educational or research initiatives. That’s the learning point. Reputation can be damaged as much by an incident on a minor web site as by one on a mission-critical site. All public sites need to be safeguarded whenever brand value or reputation is important. Security professionals in particular need to aim for higher standards in widely promoted initiatives.

The response now demanded is for the sponsors and organisers to demonstrate their crisis management skills and turn this threat into an opportunity. It’s not easy, but it can be done.