Complacency?

I am at the IDG Security Standard event here at the Fairmont Hotel in downtown Chicago. Bob Bragdon, editor of CSO and CIO magazines made some introductory comments. One of his concerns is complacency. He is worried that the changing threat scape is going to catch many IT security departments flat footed. I tend to agree with that perspective. I am sitting next to someone who I met several years ago when he was responsible for IT security at a major medical equipment manufacturer. He says they have their systems so well managed that they really don't have a security department anymore. He spends his time on audit and compliance.

I asked him if they have any Chinese competitors. Answer: yes. As a matter of fact they manufacture their stuff in China. You can guess where I am going with this. Complacency, developed and learned in previous years may not be justified as an organization extends their global presence.