People simply trust other people
This excellent November piece from McKinsey on cyber security deserves a comment (“A Framework for Improving Cybersecurity discussions within Organizations” – Jason Choi / Harrison Lung / James Kaplan).
Security is not about “enabling” the business but “protecting” it
At the end of a keynote speech I gave at the excellent CIOWaterCooler LIVE! Event in London on 28th September 2017 on security organisation, governance and creating the dynamics for change around cyber security, I was asked a challenging question on which I would like to elaborate:
In 2013, a sophisticated Trojan known as “Shylock” was unleashed on millions of unsuspecting online banking customers. Its modus operandi was to stealthily install itself onto a computer and await banking transactions, upon which it drained the funds out of its victim’s accounts. Not only was this Trojan highly intelligent, but it also had strong self-preservation instincts.