Our previous article on cybersecurity approached the issue from the perspective of the individual internet user and showed the breadth of issues that we face and the simple things we can do to make our online interactions safer. This article has a different focus: How are organisations managing the cybersecurity risks that they face?
All Australians have some kind of relationship with large organisations that hold their data, be they corporations, not-for-profits, or governments. While we can take efforts to personally safeguard our own data, we are also reliant on the efforts of others. As consumers and citizens, we often blithely assume that these organisations are protecting their (our) data from harm. Those assumptions may not be wholly justified. This article will begin with an overview of the types of hostile parties and threats that organisations face and how they are meeting those threats.
The situation becomes even more complex when we are employed in roles where we play a role in information security – which we often do as information professionals. “Security” may not be our main priority but it is nevertheless there. The second half of the article, through practitioner quotes and academic research, explores the challenges that managing security as one of a number of information priorities presents to us.