The squeaky wheel…

by todaystrainingblog

          You know that old phrase…”The squeaky wheel gets the grease”, don’t you? It means that if you raise enough of a stink, ruckus, or complain about something enough you’ll get noticed, much like Donald Trump & Bernie Sanders, and therefore something gets done!

          But in security what seems to be the squeaky wheel at this moment? It should be fairly obvious to everyone within the field. And those outside the field probably won’t even bother with it until it affects them. And the pros inside it…let’s just say they’re happy as clams because they get more & more money to buy toys. Older toys and not the newer shiner ones to be sure, but toys none the less.

          So what is this new shiny thing that is distracting from the physical security and getting all the headlines? Plainly put, cyber security, computers, breaches, hacking, malware, and a plethora of other threats takes all of our focus. And unfortunately a lot of money, cyber security is neither cheap nor easy.

          But the question may be to a lot of people is why it’s so much in the headlines and takes things away from physical security. That answer is just as simple. Money, moola, greenbacks, dinero, whatever you wanna call it.

           A cyber breach costs money to everyone that associates with a certain organization. From the retail sector, remember Target, Lowe’s, & Home Depot? What malware and breaches of health care & insurance companies? And then educational institutions are #3 with all of their social security numbers, birth dates, names, & etc.

          It’s an embarrassment to the company that has to admit a breach or their cyber defenses. Yet many companies don’t, or refuse, to upgrade their defenses because the C-suite has no clue what they are doing. CEO’s, CFO’s, and others are the bean counters and don’t think it’s necessary…until a breach occurs and they’re caught red-handed in not doing what they should have done.

          Understandably, the C-suite doesn’t want to make the investment into their cyber security or networks for several reasons;

1. they don’t understand the risk of a breach. Despite the innumerable news reports of ransomware in hospitals, police departments, & other places they have on blinders. And worse, according to several reports in the past few months executives rarely change their passwords

2.  It costs a lot of money to constantly upgrade the systems. And then of course they have to hire a professional ‘gun slinger’ who can understand and implement everything.

3.  ensure everyone else knows the value of the program.

  4. The profit of the company will go down and it will reflect on them & the company. Of course they bad publicity doesn’t bother them that much…until it happens.

5. The shareholders don’t like spending money on something that doesn’t have a significant ROI. See above.

 

          Therefore cyber & network security gets pushed to the back burner. Usually the IT managers get to buy programs that are safer but… Many times these systems are completely non compatible and it costs more money than the cost of the top of the line software would have, to correct. And yes this does happen. Let me tell you about this company here in the Phoenix area, a non-profit to be exact and the issues they’re IT department has.

          2 years ago they spent approx… $2 million for a new software that would allow easier recording of customer data and the changes to it. Then last year they installed new software, at accost of another $2.5M that would allow easier access to ordering materials for customers from all departments.

          Sounds great dudnit? The only issue was that it cost another $1M to make the 2 programs compatible, which they still aren’t fully integrated after a year. The rub? A software program that would have cost only $4M to purchase, install, & tech support was available, but the C-suite wouldn’t budget for it because it was too expensive.

          This is true story and I will not name the company or specific location to prevent them from being too humiliated and having to make excuses for the clumsiness of their IT Dept. This being despite the IT Managers wanting the better software all-in-one programs.

           The C-suiters, across the world, are in denial about the cost of implementing good cyber & network security. Some are beginning to come around and putting the requests for more resources & specific programs on the front burner.

          But it is still the same story. As soon as cyber& network security drifts out of the publics view it will lapse and go back to saving money for the sake of the shareholders. That is until the wheel becomes squeaky again and a breach causes millions of dollars’ worth of damage.

          And I do have to say it is the same with physical security. When a breach of security possibly causes a loss to the company, then more money is spent on replacing/repairing what was broken and probably at a better fix instead of spit & baling wire.

          And with workplace violence it is virtually the same. After San Bernardino, companies, by the hundreds or thousands, were scared to death of what might happen. Articles appeared in the media everywhere. Now…it’s a subject barely discussed…anywhere, except at security meetings.

           So what is the next squeaky wheel for the public, media, & C-suite to grab on too and blame those of us in the field? Are we prepared for the finger pointing…again?

 

Robert D. Sollars is a recognized expert on security issues, specifically workplace violence. He’s spent 33 years in the security field. Visit his Facebook page, One is too Many, where you will read about other items related to security & WPV issues. Or be a twitter follower at @robertsollars2.

                I May be Blind but my Vision is Crystal Clear