‘Utility and security on the same spectrum. We can make data completely secure, but then it won’t be useable.’ Sebastian Manhart said this a years ago when we were on a panel together. It’s resonated with me ever since. And is apt to be reminded of this after the news of the data breach at ICRC. The cause of the breach, cyber attack, or how the system compromise happened is not public at the moment, but the ICRC has been known for taking data protection and security seriously for years. They have great policies and procedures. They have top level leadership buy in. And they have been working with highly sensitive data for over a century.
And still they fell.
So where does that leave us? Or at least, the rest of us? We can improve our security and protection. We can improve the awareness and understanding of risk of our leaders, our staff, and the communities themselves. Yes, all of this would be beneficial, but the risk will remain. And more and more breaches will happen.
Collecting less data is also an option. One that has been recommended for years, but ignored. Almost all of the power brokers in the ecosystem – leaders, donors, technology providers, governments, and so on – are asking for more data, not less.
So where does this leave us? Many I assume will be sad at the ICRC breach, but glad it is not their organisation. It will enable them to maintain the ‘it won’t happen to us’ attitude. Keep calm and carry on will be the reaction of most.
So where does that leave us? It is a complex challenge. We won’t stop collecting data or stop using digital tools. But we also can’t maintain the same course of action expecting different results. Somehow we need a collective to articulate the change we want to see. Something actionable and tangible. I just don’t know what that realistically is.
If you want to join others in discussing where we go from here and trying to articulate the change we seek, fill out the contact form or email me at amos (at) amosdoornbos.com