Information security is not typically top of mind for new business owners, says John Unsworth, director of security, risk and intelligence at security consultancy firm Revak.
“They are thinking about selling products and services, so we often find there is no one in charge of information security or compliance that has an understanding of the wider business risks,” he told the KuppingerCole Cyber Security Leadership Summit in Berlin.
However, Unsworth said experience shows it is much more difficult to get this done retrospectively than it is to implement it at the outset, so that it becomes part of business as usual.
From the perspective of an information security professional, the objectives of any company should be to protect the business, its employees and its customers from a variety of threats, while at the same time enabling the business to operate efficiently and effectively by embracing available technologies.
“The challenge is quite wide, but it is nothing new,” said Unsworth. “It is about ensuring data protection, preventing and managing data breaches and other cyber attacks, and balancing technical controls with human behaviours.