Letter to the Editor by CEO of Info Exchange, David Allen (Carried in the Jamaica Gleaner Monday, February 22, 2021)
In this digital age, data security cannot simply be a bolt-on checklist item, it must be something that is practiced from the start.
Breaches are often due to fundamental oversight
In this past week, Jamaica has been rocked by the discovery of a data breach, which was reported by noted American technology publication TechCrunch. Security breaches are, unfortunately, not uncommon in today’s digital world and can happen to anyone at any time. We cannot stop them completely, but we can put measures in place to reduce the attack surface and to readily identify breaches so that remedial measures can be taken. In cases like this, breaches are often due to a fundamental oversight, this being the tendency to overlook the importance of secure coding and development best practices for the sake of lower costs.
Cybersecurity requires a change of mindset
This mindset comes from the fact that leadership have not connected the dots between operational risk and the technology implemented. Adequate oversight and a comprehensive understanding of what is at risk, why specific data must be collected, or who needs it, is fundamental. Security should start with the answers, and justifications, to these questions. In this digital age, data security cannot simply be a bolt-on checklist item, it must be something that is practiced from the start.
Change starts from the top
Before getting into issues of development and/or software coding practices, leaders must clearly understand that data governance is a set of practical and actionable principles and practices that ensure quality through the complete data lifecycle. This allows the various stakeholders to identify and manage perceived risks based on the probability of a breach and severity of loss. Leadership still thinks of security in physical terms, and this does not necessarily translate to digital assets.
Often, IT is thrown under the bus, but the problem starts with leadership. The lack of coherent policies and governance within the organisation to protect data and privacy will ultimately lead to lapses in security. The journey to a digitally mature organisation is just that, a journey. Missteps will be made, but we must nevertheless take a systemic approach to data governance supported by technology.
There are no shortcuts. We have the opportunity to make Jamaica a fully digital society. It is something we can achieved if the right mindset is adopted.
- Security breaches can happen to anyone at anytime.
- While they cannot completely be avoided, measures can be put in place to reduce the severity of the attacks
- The tendency to overlook the importance of secure coding and development best practices for the sake of lower costs play a siginificant role in these breaches.
- Leaders must change how they approach cybersecurity.
- Change starts in the C-suite.
- Leaders must have a comprehensive understanding of the link between the tech used and operational risks.
- Data security is not a checklist item, but a practice.
- Data governance as a set of practical and actionable principles and practices that ensure quality through the complete data lifecycle.
- Physical security does not necessarily translate to digital assets.
- Coherent policies and governance is needed to protect data and privacy and prevent lapses in security.
- We must take a systemic approach to data governance supported by technology.
David Allen, CEO- Info Exchange