Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 22 June 2018 12:42

Is journalism responsible for weak cyber security?


As an industry, we focus on the latest and greatest hacks, intrusions, tools and techniques. But in doing so, are we neglecting the biggest audience for our advice?

In order to "attract eyeballs," the average IT journalist will hunt down what is new and interesting. This means chatting with leading edge vendors, with large organisations and with a whole slew of pundits and commentators (mea culpa!).

All of these people are operating on the 'bleeding edge' and are actively involved with the esoteric, the sublime and the amazingly complex. This is their life-blood and their meal-ticket.

We, as a communication and information industry, report on these wondrous new things as if they're the only topic worthy of conversation, yet this is of little interest to those smaller organisations who don't have 300 servers; who don't have multiple offices and the communication infrustructure that requires; who don't have a team of experts to keep things running and to deal with any issues.

What we need instead is to recognise that we should be speaking to everyone who uses computing infrastructure to achieve their business aims (which is probably everyone!). Something like 96% of businesses in Australia are regarded as "small businesses", meaning that they employ fewer than 10 people – often only one or two. Any journalism that addresses APTs or polymorphism or DNS poisoning (to grab three advanced topics at ramdom) will mean nothing to these people – they're too busy creating invoices, dealing with emailed purchase orders and telephoning courier companies to scream about a missing delivery.

As Sean Duca, regional chief security officer, Asia Pacific for Palo Alto Networks, noted, "the average small business owner thinks that anti-virus is all the security they need." As I listed to that comment, I immediately realise that I was part of the problem.

If they ever actually make back-ups of important files, these small business owners might burn a DVD occasionally, or perhaps copy a bunch of files to a memory stick to take home, hoping that the anti-virus means everything is fine.

If they ever actully make backups.

They might even "upgrade" their security by moving from vendor A's anti-virus to that of vendor B. Or worse still, install both!

All of this is telling me that we all (IT journalists) must do better. We must recognise that our audience needs a certain amount of hand-holding; that we need to say the same things many times; that we need to reduce our focus on the golly-wow end of the spectrum.

With that in mind, this will become the first in a series of "simple security" pieces that will assist small businesses to protect themselves in this modern environment.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.



Recent Comments