How’s the view from up on that organizational tightrope?
Despite all the rhetoric from politicians and bureaucrats and media pundits, times are getting tougher by the day. Such is the guaranteed outcome of socialism, whether it mutates into a command-style Soviet or zwangswirtschaft-style Nazi monster.
So, what happens when economic indicators are dire even as technological innovation races forward? Apart from missed opportunities for catching a figurative big wave, more than a few companies fail to keep up with the minimal security requirements that are necessary to brace IT infrastructure against a potential storm surge of DoS (Denial of Service) attacks and phishing and data theft and cross-site scripting and related malware. For every $1 your employer declines to dedicate toward preventative IT security measures, anticipate a bill of $10 for correcting an error, a bill of $100 for rectifying a disaster (e.g. complete reimplementation), a bill of $1000 for settling with litigious clients/customers, or even the worst possible outcome: insolvency.
Like any analogous arms race, cybersecurity needs grow in lockstep with the capabilities of offensive hackers & crackers. As everyone and their sister scrambles to stake some e-territory, there has emerged a dangerous gap in the ratio of qualified cybersecurity professionals to web presences. While this is good news for cybersecurity professionals, those who can’t afford current rate premiums for such in-demand services remain liabilities to all surfing consumers.
Many aspiring internet tycoons & celebrities who find themselves with shorter shoestrings against which to budget will turn toward Open Source as a way to minimize direct costs. While commendable as an action plan of dedicated entrepreneurs & artists, one problem with such an approach is that the proverbial everyone and their sister ends up using the same server-side components while dedicating almost nothing to pay-it-back code audits or to bug hunting or even to internal value stream contingencies. Such a lazy InfoSec environment makes cyberscum salivate.
If your organization makes use of Open Source technologies, discipline yourselves to be conscientious members of at least a few of those complementary communities. Automate testing and auditing processes to keep tabs on all exposed web services whether they’re Open Source or proprietary. Above all, keep on top of cybersecurity news and don’t let potential problems fester.
Alephnote: Never try to substitute PR spin for technical forethought — even if you succeed at staving off disaster & bankruptcy, you will come across as an organization of desperate liars.