IT Security and the Curse of Complacency

This paper aims to stimulate thought and discussion around the current state of the IT security industry. Fundamentally it aim to dispel the notion that IT security is now less important owing to improvements in attitudes towards security and secure system design. It presents a snapshot of common perceptions regarding the state of the industry, and how complacency in these areas is harmful to the overall security of any existing or new system. It highlights ideas on how the industry needs to evolve in line with the fast pace of IT development, which brings with it ever-evolving attack vectors that must be identified and understood as part of the security process.