The Big Question is an initiative between Computer Weekly and recruitment consultancy PSD. Each week we put the Big Question to top IT professionals to get their take on a current talking point.
Do organisations deal adequately with the human element in IT security?
In the most one-sided vote since we kicked off the Big Question last month, IT professionals have cast doubt on the efforts of organisations to secure their data against theft or loss.
With the recent loss by the US government of 26 million war veterans’ records after a burglary at the home of a data analyst, a “no” vote might have been expected. However, the unevenness of the result – 88% against 12% – was striking, with many respondents mentioning the security issues surrounding identity card data.
One respondent said the US government incident called to mind the case of a global manufacturer that had spent huge amounts on network security but neglected to put a lock on the server room or the cabinets therein.
“That oversight meant anyone gaining access to the building would be able to download databases direct from the servers using a network sniffer,” he said.
However, given the range of possible security vulnerabilities, some wondered whether it was realistic to expect every hole to be plugged.
“Systems cannot fully take into account an individual’s motivation,” said one respondent.
“Companies have a legal obligation to put in place systems that protect individual or national interests. You can entrust that obligation to individuals but you cannot possibly always know their motivation. An organisation must do all it can, but it might never be enough.”