However, there are some new developments in IT of course and in project management related to project security and we need to be paying attention. Hacking and cyber crime are on the rise. It's changing technology, it's changing the landscape of the data and sensitive information on the projects we are leading and it should definitely be changing the way we plan for and approach these projects we are managing. Getting hacked isn't just something that happens to someone else anymore. It's happened to more than 40% of my project and consulting clients to some degree over the past 2-3 years and that number will only go up.
Here are four areas where I see cyber risks affecting our organizations, project management infrastructures and the actual projects we are managing starting right now and heading into 2018 and beyond. Be ready and proactive, or be sorry.
Fingerprint security and hacking. Not a lot has been said about what happens if a large or national or critical database full of fingerprints gets hacked. Our identity being in danger as customers of a big retail store that gets hacked is one thing. It's inconvenient, we get a new credit card, maybe wait for FDIC insured dollars to be restored to us or our credit reports to get fixed. But our fingerprints? We can't get new ones of those. I predict a huge fingerprint database hack in the next 12-24 months. It could affect office places and computer equipment that use fingerprints as security access, and it could also affect court cases and forensic evidence. Next those hacked fingerprints will be used on special gloves by the bad guys to frame innocent people when they break into stores, homes and workplaces or even commit murders. That's scary stuff!
C-level cyber security. I realize this is already happening. We have C-level security officers known, of course, as CSOs or Chief Security Officers. But is it truly cyber crime and cyber security they are tagged with? Or is it more disaster recovery and overall security? Cyber crime is on the rise every day and hackers are always one step ahead of the rest of the population, no matter what you are doing to combat them. They just may be refining their attack so you haven't heard from them yet. Comforting, right? We need the right leadership at the top of our organizations to help plan for avoiding and combating it.
Project security ongoing presence in all large projects and organizations. Project security will become a full-fledged presence in all high-visibility, large-scale projects and any projects with any degree of data sensitivity...which will include most tech projects judging from the experiences I've had in my work history. If we don't plan to avoid or react, we will be sorry. Cyber crime is real and your project doesn't even need to be handling sensitive data to be at risk. It could be customer contact information that gets stolen. Anything – any security breach on the project – could stand in the way of customer confidence and customer satisfaction. Planning is our best tool – we must be doing it.
Customer insistence on cyber security proof of concept. That security or disaster recovery proof of concept is common on government projects, especially when data sensitivity is high and downtime would be critical to the success of the project. You may need to show you can be up and running in 24 hours somewhere else or somewhere secure if a flood or massive database breach were to occur. But private sector projects have usually been immune to this type of proof of service. Not anymore. Expect the typical tech project of any reasonable size, complexity or data sensitivity to require this as part of the project requirements going forward in 2018 and beyond. We live in a different world. More than 20 years ago I ran government projects worth millions of dollars handling millions of sensitive financial records and no one cared about security – only recovery and project continuity in the face of a disaster. Today, with cloud-based storage and processing, the persistence and skills of hackers, and the relative frequency and damage of a hacker strike, expect it to be the norm going forward.
Summary / call for input
I do believe that hacking and concerns for cyber security, data integrity and identity theft are here to stay. Plus, I believe that they will only get worse over time. The need for us to pay more attention to this concern during project planning and during risk planning and management is increasing and only getting more critical. We must be working to proactively and reactively plan ways of handling cyber crime and cyber security not only on data sensitive projects but on every single project. It needs to at least be a touchpoint and consideration on every project even if all we do is consider it and decide there isn't enough of a risk on a particular engagement. It needs to be a permanent checklist item.
Readers – what are your thoughts on cyber crime and cyber security as part of risk management? Perhaps you're in an industry where you've identified it as critical to be included already – please share your thoughts and what actions you are taking. How confident are your customers in your ability to avert hacking and cyber crime's effects? If you aren't already practicing risk management for cyber security measures, are you planning to start? Please share and discuss.