This is my formal wake-up call to businesses who still don't feel the need to protect their networks from foreign intrusion. The main issue I'm finding after many discussions with other people in this industry is that they quite simply don't want to pay the extra money for something that they believe is of minimal risk. Because they've not yet suffered any type of breach on their network, loss of data, or service interruptions they feel it's not a worthy avenue to pursue.
Here's the thing, you're looking at it the wrong way. Businesses are simply examining the practice of security as nothing more than a cost expenditure on a spreadsheet that they feel they can't afford or don't need to justify spending. Well, you do, and here's why. Don't look at it as if you're just spending money on something invisible, you're not. You're spending money to protect the integrity of your business. You're also spending that money to protect your customer's personal and financial information that you're storing electronically. And lastly you're protecting the long tradition of fine services, products, and excellence your organization is known for. It's a symbolic gesture to the clients who trust you to do business with them safely in a digital world, and it will actually help protect them and you. Even if they have identity theft protection, most protection companies only promise to help them sort it out for one year. If that information is floating around the internet, it will never go away. Once it's out in the ether, there's no retrieving it, and they're going to blame the company responsible for allowing it's theft.
You couldn't pay me enough to be the CEO of Sony Studios right now. That corporation is the quintessential example of what can happen to a million dollar company that's been in business since 1946 in Japan, and since 1960 when Sony of America was established. That's almost 70 years of establishing their brand, quality, and products to the world and that trust was wiped away in a weekend. Between the vitriolic emails that went back and forth, to social security numbers of past employees and entertainers, I assure you Sony is in extremely poor standing with the world right now. They are a company that hasn't taken security seriously, since forever, and it's come back to bite them numerous times in the past few years. They chose not to protect their data, their clients, or their tradition of excellence.
So with all the above being said, how much would you pay to protect your company's trust, integrity and excellence with the world? Because at the end of the day, that's exactly what you're paying for and you would probably be surprised at how inexpensive it is to setup some basic protections. Nothing is unhackable as I've said before, but it looks ten times better for a company that has taken the subject of security seriously and implemented some solutions to protect as much as they could if they ever are attacked. When your clients find out that you instead chose to do nothing, I assure you, they won't be your clients for much longer. You may even find yourself out of business and out of a job due to the aftermath. THIS is how we must look at the issue of security. Not as some invisible cost on a balance sheet that should net us profits, but as the tax we must pay to do business in the ever evolving digital landscape.