When the Office of Personnel Management announced that it would improve the quality of its cyber security staff after concerns were raised in the Department of the Interior, it underscored how important gaining and keeping the trust of the public (or consumer, as the case may be) is when IT security is involved.
According to an article in InformationWeek, the problems aren't restricted to the Department of the Interior, since a Booz Allen Hamilton survey of 69 officials in 18 other federal agencies found a number of challenges to federal cyber security. Plus, the 2009 CDWG Federal Cyber Security report says half of federal agencies report a security incident at least once a week and that many of these incidents come from inappropriate employee activity.
News like this makes it difficult to trust the federal government's IT network. But we don't have a lot of choices in dealing with the federal government.
Consumers do have choices when it comes to businesses, however, and Bruce Schneier writes that sales for all sorts of services, from haircuts to medical services, depend on price and trust. He writes:
"A reputation-based economy means that infrastructure providers care more about security than their customers do. I realized this 10 years ago with my own company. We provided network-monitoring services to large corporations, and our internal network security was much more extensive than our customers'. Our customers secured their networks -- that's why they hired us, after all -- but only up to the value of their networks. If we mishandled any of our customers' data, we would have lost the trust of all of our customers."
In other words, if your business doesn't think it is important enough to maximize IT security measures or to hire well-qualified cyber security personnel, your reputation, and perhaps your customer base, takes a hit from which it might not recover.