She’ll be right mate
A flu sufferer could have taken a preventive strategy with a ten dollar bottle of multivitamins and a three dollar face mask from the local supermarket but instead opted for a more costly visit to a doctor and a course of antibiotics.
Likewise, a sun bather could have applied a fifteen dollar bottle of sunscreen but instead chose to pay for permanent scars created by the surgery necessary to remove the melanoma resulting from the sun’s deadly ultraviolet rays, and finally a restaurant owner could have installed a fire suppression system for the price of one week of profits but instead looked on speechless and contemplating financial ruin as the footage on TV showed his restaurant burnt to the ground after an unexpected explosion in the kitchen.
I was always taught that prevention was better than cure, but seldom do I see prevention being exercised. But why? It seems counterintuitive to accept such a risk and pay a huge price for it at a later stage, when a simpler and lower cost preventive action could have been put in place. Well, the answer is simple. The curse of being overly optimistic… often expressed by the infamous Aussie attitude “She’ll be right mate” and there it is - the ultimate recipe for procrastination.
Whether it is social circles or information security circles, procrastination puts many of us at great risk. We often read about months of lost productivity following a malware outbreak that would have had no impact had the servers and PCs been patched or irreparable damage to brand reputation caused by large scale data loss that would not have hit the media had the data been backed up.
The problem is, as with the non IT examples I gave earlier, when we fail to prevent and wait for a cure it is too late and all that is left is to make excuses, weak ones at best, for why we failed to prevent the predicament we are in.
Given that the majority of society seems to concern itself less with being proactive and more with being reactive, is there anything compelling to move someone from waiting for a cure to taking preventive action and saving costs in the process? Sadly, it comes down to an act of fear in most cases to motivate one to take action and I can think of only two concepts that will put fear into the hearts of procrastinators.
- Regulation and Compliance – to demonstrate my point here, remember when the H1N1 Influenza (swine flu) circulated in 2009? Anyone diagnosed with it or even showing symptoms of it was quarantined. The regulated act of quarantining victims caused people to think more carefully about wearing masks and washing their hands regularly in order to avoid contracting the flu. Regulation and compliance seems to be one of the biggest motivators behind forcing security professionals and organisations to act, primarily because the lack of complying carries serious consequences that could impact business.
- An attack too close for comfort – have you ever thought about going for that health check-up the moment you have heard that a neighbour or loved one has just been diagnosed with a terminal illness? When a tragedy or simply even a touch of bad news is a little too close for comfort it kicks us into gear to take action. Hearing that other organisations similar in nature to yours were targeted by hackers or even discovering a breach of your own systems will also motivate you to look more closely to prevent future attacks.
It is your choice. You can make a strategy for proactive information security, or you can continue to make excuses, but you can’t make both.