What's up, what's down.
Not enough attention goes on people and this has been the industry’s biggest failing, says Professor Woodward.
FAIL. I will believe in that approach when "security stories" start appearing right next to the stories about the latest developments in Monaco's monarchy. In the same mag.
The UK government has shown some inclination towards improving public awareness.
FAIL. The UK government has shown some inclination towards spending taxpayer money on quixotic schemes.
In January it launched the Cyber Streetwise campaign. .... Little is known of the initiative's actual impact.
Shall I repeat? LITTLE IS KNOWN. And this is not going to change. Nor will anything be changed.
Simon Placks, head of cybercrime investigations at EY, however, has a very good statement:
An intrusion is not an illness that can be prevented with good cyber-hygiene.
On the other hand, you may just be a target of opportunity. There is not much you can do against that except have a dedicated team working on reducing the attack surface, day-in and day-out.
According to Stewart Room, barrister and solicitor specialising in data protection, that legislation is required to improve the fight against online crimes, is an indictment of the efforts of non-public organisations. ... "If the hacking problem needs regulations to improve cyber security, then as a matter of simple logic the medicine has to be strong, because the market has utterly failed."
The failure is you, Mr. Room. Show me how this is supposed to work. No-one even knows what the medicine is and whether it exists in the first place. "The government", unable to find its own arse in the best of times, sure does not - nor can it issue valid regulation in this case. It may even be the perpetrator in a serious percentage of cases.
Note that "Regulation" is a term that encompasses concepts with differing meaning, so whenever I hear "Regulation" with no further qualification I know that someone is starting to play with words and tries to access the hindbrain. Note how "Airline regulation" [which is about process control] is VERY different from "Stockmarket regulation" [which is about fog generation for the hoi-polloi] and "Healthcare regulation" [which is about entrenching vested interests and giving oneself a progressive do-gooder sheen]. "Regulation" is not a nugget of compressed wisdom from the Gods that will magically result in shifting the no-longer-so-free market to generate secure software affordable by everyone. At best, it will do nothing. Except cost a few millions in legislative soul-searching.