I didn’t attend the actual session, but my attention was grabbed by the report of the views of Prof. Brian Collins, speaking at a recent Cyber Security KTN event, on the controls needed to prevent the HMRC data breach. He took the view that government information systems should inform users if they are about to do something which could put citizens’ data at risk. Brian was reported as saying “The system design should never have allowed the [data loss]. They should be designed to stop people going off the edges of what is acceptable. Why are we not doing this? Because it costs.”
I couldn’t agree more. It’s not difficult to develop intelligent software that monitors information flows and can flag such errors. And it shouldn’t have to cost so much. Price points for security software are way too high. That’s why so many start-up companies fail to survive. Business models for security software need to be more modest. Then, hopefully, we’d all find a win-win solution.