We should, but we don’t always do it, and even when we do, we probably don’t spend as much time on risk planning as we should. I should know! I speak from 20+ years of experience leading IT projects and initiatives, and while I’ve thankfully been pretty successful and learned lessons along the way, I’m no angel.
There have been quite a few incidents of data breaches, large-scale credit card info thefts from big box chain stores and even breaches in government databases over the past few months. These have all received great press, but that doesn’t mean they go away.
In fact, I think that it just makes it that much more likely – given the publicity – for these same hackers and other hackers to go the extra distance to find new targets and industries to hack. Sometimes it is done for ransom or to prove a point, and sometimes it is just done for the hacker’s curiosity and enjoyment.
I fully believe that we need to make cybersecurity a major presence on all projects. It needs to be a consideration going forward on all tech projects, and on the larger ones a CSO or lead security person should be assigned to each project. Project security will become a full-fledged presence in all high-visibility, large-scale projects and any projects with any degree of data sensitivity, which will include most tech projects, judging from the experiences I've had in my work history. If we don't plan to avoid or react, we will be sorry. Cyber crime is real, and your project doesn't even need to be handling sensitive data to be at risk. It could be customer contact information that gets stolen. Anything – any security breach on the project – could stand in the way of customer confidence and customer satisfaction. Planning is our best tool – we must be doing it.