My trip around China has been eye opening. This isn’t the first time that I’ve been here but I’ve never before learnt so much about the perception to information security related risks that Chinese businesses have.
What it means for me in my role is a change of approach. It’s fair enough running a global program but it’s apparent that if you don’t take into account local risks, local culture, and – probably most importantly of all – local budgets then you wont get off the starting blocks.
I’ve found some very good security awareness here where company employees actively seek to protect their customer data, and ask questions where they feel not enough is being done. One of the challenges they have is in working within an environment where there’s so much pressure on keeping costs down to be competitive that security expenditure has to be seen to be vital with quick results before it’s likely to be committed to.
It’s been a positive trip so far and I’m now off to visit Thailand.