Home > Local News > Information security lacking with domestic firms

Information security lacking with domestic firms

Bernard Alphonso, director of Alphonso Security Consulting, says he
encounters skepticism and resistance in encouraging the Kingdom’s firms
to take information security seriously.Photo by: Wesley Monts
Information security is not a priority for many domestic firms and
organisations, so it is a tough task convincing them to take it
seriously, says Bernard Alphonso. As the director of what he claims is
the Kingdom’s only firm specialising in the field, he would know.

Alphonso
– a self-professed “security evangelist” – says that many of the calls
he receives come after a problem has already arisen and the damage is
done. He advocates a proactive approach to information security,
claiming it should be the domain of the decision makers rather than IT
managers.

“It’s high time Cambodia became serious about
information security,” he says. “Based on my own experience, but this
is me, typically very few things are being done.”

Alphonso started Alphonso Security Consulting in France in 2003, before moving it to Cambodia in 2005.

“As
far as I know I don’t have any direct competitors in Cambodia,” he
says. “What characterises my firm is that it is 100 percent specialised
in information security management.”

The recent WikiLeaks
situation showed that often the main threat to security was not purely
online hackers, but was often as simple as individuals stealing
information. In the case of WikiLeaks, security had allegedly been
breached from Bradley Manning, a 22-year-old US Army soldier.

Alphonso says stealing digitised information is generally easier than taking physical items.

“People
often don’t have a perception [that] they are committing a crime,” he
says. “CEOs, for example, are gold mines of information.

“Let’s not wait for the big data breach to happen.”

Although
Cambodia’s economy is benefiting from the advent of its communications
networks, this also opens up companies and organisations to more
possible breaches.

Alphonso says it would be far easier for
clients to act proactively, but generally he’s called into action after
the system is already down or the data is already gone.

Too much money is often spent on security, when many problems could be prevented by applying simple common sense, he says.

For
example, he has seen money wasted on sprinklers in server rooms and
hiring guards that spend their time on duty asleep, along with other
dubious expenditures.

While technology plays a large role in information security, software alone is no good if not updated, he says.

“Security training is far and between although human beings have always been the proven weakest link in a security chain.”

When working with clients, he first advocates an assessment to look at possible vulnerabilities.

He
is the only employee at the firm, but says he works in tandem with
other consultants, including for clients based in Malaysia and
Singapore.

Still, Alphonso says he has had a tough time selling his mission in Cambodia.

“All
too often I have encountered skepticism and resistance,” he says.
“Security is like insurance and you know that when insurance policies
are not legally mandatory people tend to be negligent and risk prone.”

The Phnom Penh Post
Advertisements
Categories: Local News
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: