By R. Christopher Haines, Executive VP and Chief Operating Officer
Well, here we go again. Another big, international cyber security incident. A bunch of people clicked an email link or opened an attachment they shouldn’t have and took down their employers’ computer systems. Last I heard, it had spread through more than 100 countries and made everything from the national news to your hometown newspaper. Big news.
Seen this episode before? Already know how it ends? Well, I have a pretty good idea. Board members and senior managers in non-IT roles will freak out, thinking it could happen to their companies. Their understanding of IT is limited, which you know through your experience trying to justify the IT budget every fall. They nickel and dime you on every possible IT expenditure, often times because of their feelings that IT may not be that important to the overall success of the company. So, it’s an annual battle to get your budget where you want it. And every year is a horserace between improving your infrastructure, expanding your cloud initiatives, undertaking large projects driven by needs from the operational departments, and other similar items. Well, unbeknownst to you, security just took the lead in this race.
No matter what kind of progress you thought you were making on all your other objectives, the people above you just changed your plans. Prepare yourself for questions like: “Is that thing I saw on the news a risk to us?” And then: “Tell me why I shouldn’t be worried about this happening to us?” The questions continue until they get to the dreaded: “prove it”. Next you’ll be stealing budgeted funds from other projects to concentrate on IT security, no matter how secure you already are. All those things you were making great progress on and hoping to wrap up just had their funding moved to cybersecurity.
This happens every time one of these high-profile incidents hits the news. Wouldn’t it be great if there were some kind of international incident that had to do with more mundane matters? What if, just one time, 99 countries got hit by a “your mobile app stinks” incident? Or what if a headline in the Wall Street Journal read, “50% of Companies Do Not Have the Resources Needed to Test and Implement the Big Projects their Bosses Keep Bugging them About!” Maybe then you’d get all the funds you ask for at budget time. Until then, be prepared to work on security every time one of these big incidents happens.
Oh yeah, and the best part is, at the end of the year you’ll be asked why you didn’t complete all those other items you had budgeted.