HYPERtext linking technology and communications

“One hundred DSW shoe stores lose customer credit card information.” “32,000 customers affected by Reed Elsevier security breach.” Information security is still the easiest game in town when it comes to headline grabbing. Yet it’s rare that a tech vendor is positioned in those stories as a thought leader with a plan to prevent such events from recurring.

Commenting on the lack of “perfect” security solutions, security expert Bruce Schneier recently told delegates at the South Sound Technology Conference that the best way to prevent a repeat of—for example—the terrorist attacks of September 11, 2001, would be to ground all commercial air traffic indefinitely. The logical conclusion—that businesses should stop using the Internet if they want information security—didn’t sit well with the business users in the audience.

Scheier acknowledged his suggestion was improbable, but nevertheless indicative of the challenge security vendors and customers face every day: balancing the need for information security with business managers’ demands to maintain “business as usual.”

Communications professionals seeking to position their companies as security thought leaders should find a pearl of wisdom here. It is the preemptive nullification of threats that is of most interest to readers—not their aftermath. Why else would all those anti-spam vendors quantify their benefits in “hours saved” rather than “bad guys” caught? It’s in the “save” that the long term PR opportunity resides.

As Cisco CEO John Chambers put it to delegates attending the RSA Conference in San Francisco recently, “You cannot predict what will materialize as new threats, but you have to think about how those threats might emerge.”

In other words, don’t look to the past or even the present slew of viruses, “phishers” and spam for your PR stories, look to the ways people and businesses plan to use technology in the future.

Take wireless computing, for example. Today’s media debates rave about mega-mergers, the growing availability of high-speed data links and the first generation of content-rich applications. But what about the security risks to a generation whose mobile phones are fast becoming as valuable as their wallets? Shouldn’t vendors of wireless technology be anticipating the threats? My Treo 600, for example, is made by PalmOne and runs on the Cingular network. “Security” barely returns a search result on Cingular’s site while PalmOne’s security white papers are buried deep below its home page.

Once risks such as these are identified they present enormous PR and business potential. Don’t we all wish, for example, that we’d foreseen how the ubiquity of a single piece of technology such as Microsoft’s Internet Explorer would pose far-reaching threats to global users? When IE’s flaws surfaced, Mozilla’s rapid rise to prominence (and market share) seemed a no-brainer.

From Mozilla all the way back to “Melissa,” vendors have been falling over themselves to grab a share of the security headlines. No doubt many short-term cravings for press coverage have been satisfied, but the genuine thought leaders have been—and always will be—those vendors who predict where users want to go and help them get there—securely.