Holistic information security protects sensitive information across every way it can be lost (technical, physical, human and behavioural), not only through digital systems.
Cyber security is essential, and it has rightly absorbed enormous attention and budget. But it addresses one channel: information held and moving through digital systems. A great deal of an organisation's most sensitive information never travels that way. It is spoken in meetings, discussed over coffee, written on a whiteboard, carried by people.
A boardroom conversation captured by a covert device never touches your network. An employee elicited at a conference gives away more than any firewall could stop. A contractor with quiet access removes what they like. None of these are cyber events, and none are caught by cyber controls.
When information security is owned entirely by IT, the response to every risk tends to be a technical, digital one, because that is the lens. The physical and human channels (technical surveillance, insider threat and behavioural risk) fall between the cracks precisely because they are nobody's clear remit.
Protecting information properly means treating people, process, physical environment and technology as one system. Cyber security secures the data. Counterespionage secures everything around it: the room, the conversation, the device and the person. The two are complementary, and neither is sufficient alone.
Holistic threat and vulnerability assessment is delivered by Threat Advisory.