Should an organization invest in computers and technology, let alone Cyber Security?

Why should organizations invest millions of dollars in systems that sometimes have difficulties and create frustrations for employees? After all, the actual cost of Information Technology must include all of the equipment, software, people and overhead expenses, whether purchased by the technology team or another department, which can be both a very large number and, in some companies, the largest line item in their budget. Is it worth it?

When the technology was young, it seemed to be less complicated and there were great efficiencies to be garnered. Besides, competitors were investing in their company’s technology infrastructure which meant that competitive considerations entered the picture. Error reduction and time saved from the uniformity and repeatability provided by the technology were also important factors.

The answers are obvious …Now!, but all those years ago it was a struggle and in some cases a fight to put technology in place.  I recall this episode as I was trying to make our Purchasing Department more effective and efficient:

We had one (1) computer (on a lazy-Susan) for every four purchasing agents. I know this sounds incredible by today’s standards, but that was truly the situation.  I brought the company President from the Administration Building to Manufacturing, where Purchasing was located and explained that every buyer needed to have their own computer. He said, “come with me” and as we walked past some of the supervisory and managers offices, he pointed out that there were computers that were not in use.

The next day, I took the technical support person to the president’s office and while he was sitting as his desk we began to uninstall his phone. He asked if he was getting a new, upgraded, phone. I replied that we were removing the phone completely because he was not currently talking on it, nor was it ringing. Like most executives he was smart and every purchasing agent had a computer before 6 weeks had passed.

Technology has been instrumental in providing innovative approaches and solutions to aid every type of business. These solutions have helped streamline data capture methods, automate processes, and provide mechanisms to solve challenges globally.

With the introduction of technology tools, there is a need to ensure that management is not only aware of the cybersecurity risks they may be introducing but must be willing to invest and support the effort. While this always involves some hardware and software, keeping the skills of the tech-workers current is almost always under served.

Cyber Intelligence today is akin to the early days of technology implementation. Management is aware of the need for cyber security, but it is expensive and difficult to conceptualize in terms of benefits. After all, executives can’t really see a firewall or other facets or a systems security plan. Cyber security is like self-insuring the company’s technology infrastructure. This form of insurance is a bet by the entity being insured that some kind of an incident will occur. So, from the executive’s point of view, they are paying out money to bet that they will be hacked. This logic may seem counter intuitive.

However, if anyone thinks that Cyber Intelligence and education for the security of their technology is too expensive, they will be astounded by what the cost will be once a hacker penetrates their system.  The average dwell time (i.e., length of time a cyber attacker remains in an environment until they are detected and eradicated) is 56 days. One must ask, “What and how much long term damage can be done in 56 days?”

Cyber attacks and their sophistication will continue to rise. Do you have the necessary knowledge to deal with tomorrow’s threats?