A flu sufferer could have taken a preventive strategy with a ten dollar bottle of multivitamins and a three dollar face mask from the local supermarket but instead opted for a more costly visit to a doctor and a course of antibiotics.
Likewise, a sun bather could have applied a fifteen dollar bottle of sunscreen but instead chose to pay for permanent scars created by the surgery necessary to remove the melanoma resulting from the sun’s deadly ultraviolet rays, and finally a restaurant owner could have installed a fire suppression system for the price of one week of profits but instead looked on speechless and contemplating financial ruin as the footage on TV showed his restaurant burnt to the ground after an unexpected explosion in the kitchen.
I was always taught that prevention was better than cure, but seldom do I see prevention being exercised. But why? It seems counterintuitive to accept such a risk and pay a huge price for it at a later stage, when a simpler and lower cost preventive action could have been put in place. Well, the answer is simple. The curse of being overly optimistic… often expressed by the infamous Aussie attitude “She’ll be right mate” and there it is - the ultimate recipe for procrastination.
Whether it is social circles or information security circles, procrastination puts many of us at great risk. We often read about months of lost productivity following a malware outbreak that would have had no impact had the servers and PCs been patched or irreparable damage to brand reputation caused by large scale data loss that would not have hit the media had the data been backed up.
The problem is, as with the non IT examples I gave earlier, when we fail to prevent and wait for a cure it is too late and all that is left is to make excuses, weak ones at best, for why we failed to prevent the predicament we are in.
Given that the majority of society seems to concern itself less with being proactive and more with being reactive, is there anything compelling to move someone from waiting for a cure to taking preventive action and saving costs in the process? Sadly, it comes down to an act of fear in most cases to motivate one to take action and I can think of only two concepts that will put fear into the hearts of procrastinators.
It is your choice. You can make a strategy for proactive information security, or you can continue to make excuses, but you can’t make both.