Business Technology: It's Time To Stop Playing Chicken With Cybersecurity - InformationWeek
Software // Enterprise Applications
02:00 AM
Bob Evans
Bob Evans

Business Technology: It's Time To Stop Playing Chicken With Cybersecurity

Why are so many of us doing so little about cybersecurity? Why do so many companies continue to tolerate unsecured systems? Some insight might lie in the research done by a physician in Vienna, Austria, more than 150 years ago, Bob Evans says.

Now, it's certainly possible I'm making way too much of this. But let's for a moment just pretend that I'm not--here are a few data points you can consider: in 2003, lost productivity caused by employees having to deal with spam cost companies an average of $874 per employee. Scary stuff, eh? But it's a fairy tale compared with this year, as that cost has jumped about 120% to $1,934 per employee. Say you work in a small-to-medium-sized business with 500 employees--that's almost $1 million flushed down the drain due to spam--and that doesn't even take into account some related costs such as IT personnel's time, software and hardware costs, and clogging of networks.

Or how about this: in a forthcoming InformationWeek Research global survey of 7,000 business-technology and security professionals, 83% of North American companies say that security breaches and malicious-code attacks will be more of a threat this year than they were last year. And in spite of those escalating threats, 38% of North American companies say they will be spending less on information security in 2004 than they did in 2003. Have those 1,200+ companies that say the threats are escalating but their spending's diminishing found a truly better way to spend less and get more, or are they being monstrously irresponsible?

Other Voices

Six-year-old Donnie Hauser-Richerme knew he couldn't swim, but he also knew the little girl in the murky, debris-filled swimming pool was in trouble. Donnie jumped in and helped save 5-year-old Karah Moran's life before becoming stuck in five feet of blackened rain water and muck at the bottom of the deep end. Paramedics eventually rescued him, but he was in critical condition and on life support Thursday.

--, June 10

Here's one reader's view of what might happen: "It will be some whopping, system configuration/registry eating, denial-of-service, file-corrupting polymorphic stealth goody. It could install through a fundamentally nonpatchable design flaw in a ubiquitous piece of software that has massive distribution. Or maybe it will be just another stupid-user E-mail attachment trick. To be truly deadly it will activate itself just a bit here and there, so that by the time people figure out they're infected they don't really know what they lost or when it started, but certainly, most people won't even have enough generations of backup to recover their lost files and data. If it's really clever, it will modify a program that's often running anyway. (Quite frankly, I feel many people are capable of creating this monster, but are at least for now wise enough to direct their talent elsewhere.) But I believe it's coming. And so do others. The resulting chaos and loss of productivity will be unbelievable. And then there will be outrage and change that will cause software to be rewritten the way it should have been to begin with."

Is your company prepared? Do you have unsecured systems? Do you have a rigorous information-security strategy and set of policies that the executive committee has read, understands, supports, and promotes?

To shed some light on our widespread denial, here's a life-and-death story from 157 years ago in Vienna, Austria. But more important, it also sheds some hope that tells us that if we act now, and if we animate the corporate will to make this a top priority, and if we recognize that unsecured systems and other security vulnerabilities are financial time-bombs ticking away in our midst, and if we take the steps necessary to mitigate that risk, then we will have won a great victory. The story involves a Hungarian physician by the name of Ignaz Semmelweis, and no, he didn't have to deal with cybersecurity in the middle of the 19th century, but he confronted a problem every bit as vexing: he set out to convince the scientific community and the world that germs exist, and that germs can cause disease. When he first raised this theory, he was greeted mostly with scorn--and those who didn't call him a fool laughed at him. But he persevered in his work, and his breakthrough came in 1847 when he reduced the mortality rate in a maternity ward from 13.1% to 2.8% by convincing doctors that if they continued to go directly from examining cadavers to examining expectant mothers without vigorously washing their hands in between, then the invisible germs on their hands would continue to kill 13 out of every 100 pregnant women they treated.

Today, in our modern world of objective research, it seems almost impossible to believe that anyone could ever have disagreed with Semmelweis's theory. Yet here we are, under siege and increasingly mortal danger from cyberattacks that we tend to dismiss as either not there at all, or as harmless; or we view ourselves and our companies as beyond their reach, securely outside their infectious embrace. And each time we do, we provide more material for others a few years from now to look back upon and wonder, "What were those people thinking? Why didn't they do anything?"

There's still time. But not much.

To discuss this column with other readers, please visit Bob Evans's forum on the Listening Post.

To find out more about Bob Evans, please visit his page on the Listening Post.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll