Challenges ahead

This is my last entry for a few days as I fully intend to make the most of the holidays. I wanted to take the opportunity to say thanks to those who regularly read and support this blog, and to wish everybody a merry christmas and good luck for the new year.

A number of events have stood out during 2007 that serve to remind of the importance of process over technology when it comes managing information security. Most recently, of course, the HMRC data breach demonstrated that all the technology in the world can’t stop people doing daft things that break the rules and put your revenue and reputation at risk.

My priorities for the new year are going to be:

– Focusing on user access and entitlements to company data

– Focusing on the security of the third party vendors that we deal with

– Tightening up our borders and spending more time on testing that the technology side of things is hardened and properly managed

– Security awareness and information for employees

2008 will, I predict, be a challenging year. Stories such as this one reported in The Times about state sponsored hacking probably represent the tip of the iceberg and we’ll likely be seeing many more disturbing reports of such activities with consequences for foreign organisations performing business within countries under suspicion. Social networking sites will be a magnet for hackers and identity thieves and stories about both individuals and brands being affected will be rife.

Such an environment means that the information security industry will continue to florish. I was recently in Spain on business where I learnt that few organisations presently employ individuals with the sort of position that I hold. I think that’s about to change as countries that have typically lagged behind with regards to technology come of age and begin to suffer their own fair share of electrionic attacks and data breaches.

As for my own personal 2008. I’m looking forward to the challenges ahead and, obviously, another good year of blogging!