Last year I attended an interesting seminar on the subject of cyber security. Those of you that know me will be aware that this is not a specialism of mine but nevertheless I had a relevant interest in attending so that I could learn more about the topic, particularly the prevention and control aspects.

During the debates one of the principle guests highlighted that the government was well aware of the need to take steps to protect the country from cyber attacks. They then went on to explain that they (the government) were working on improved legislation to combat the issue. Great.

So which way do you want to go?

Sit back and wait for the legislation to solve all your cyber security issues or take action now to protect your organisation?

My advice? Take some action now!

If you need convincing take a trip to Dover or Folkestone and watch the stream of lorries coming into the country. What are they carrying? Goods and merchandise for our consumption and enjoyment for sure but why do they get inspected and searched? People, contraband, who knows?

Ever broken the speed limit in your car? Of course you have. But it’s illegal! OK but sometimes it feels good and sometimes you would argue it’s a necessity.

So back to cyber security. If I’m sitting in a far off country whilst I try and break down the barriers to the innermost workings of XYZ Plc in the UK, do I Google UK legislation to see if I am going to get into trouble? Do I heck! The thrill, the challenge, the potential rewards are too great – I’m going for it.

Legislation takes time to put in place, usually after there has been sufficient negative behaviour to warrant research and expense to come up with rules, and get it through the relevant legal system. One can argue that legislation is therefore always going to be retrospective. And we are still back to the point of criminals ignoring the fact that it exists.

Of course legislation sets out practices which if followed, enforced even, may prevent certain threats materialising, but until individual situations are scrutinised against the legislation it may have little or no effect, i.e. no control – we are dealing with criminals remember.

Here’s the debate then. Is legislation a control?

One could argue that some people are compliant and will follow the rules laid down. Equally there are others who either through ignorance, incompetence or through wilful disobedience will not comply.

This means that legislation surely has some effect by influencing some people to stick to the rules. Nevertheless the problem is all to do with the ones that don’t.

My thoughts are that we cannot rely on legislation as a control and that when faced with protecting the organisations we work with, or for, we have to remain mindful of the threats presented by people or circumstances undeterred by the rules. It will come as no comfort to successfully prosecute someone for destroying your organisation.

January 26, 2014 at 9:31 pm
Return to All News
Category: Uncategorized
Tags: , ,