Jul 27, 201712:00 AMOpen Mic
Send us your blog for consideration!
What alt-rock icons Weezer have to say about cyber security risk
(page 1 of 2)
If you want to destroy my sweater, hold this thread as I walk away. So goes the Weezer song.
The L.A. alternative rock band may not be known for their risk management prowess (shocking, right?), but they were on to something that can be useful in understanding the future of cyber security risk.
(My inner high-school rocker hates what I’m about to do, but strap in: it’s Weezer meets data security.)
What Weezer was getting at is critical for C-suite managers to realize: just like you can destroy a sweater by pulling on a single thread, you can destroy — or at least put in jeopardy — a company’s future with just a single cyber security event.
Let’s walk through this step by step:
- Your company has been doing well lately. Lots of work, lots of happy clients, and lots of happy employees, too. This success comes to a screeching halt one Monday morning when you arrive to work to find that every laptop, desktop, and even your servers have been infected with ransomware by some Troublemaker. Even the backups have been compromised.
- Because things had been going so well, you never really took the time to develop a cyber security incident response plan, a data governance framework, or investigate cyber insurance. So, with the network locked up now, you don’t have a plan for dealing with this kind of a problem. Say It Ain’t So.
- As the hours turn into days, your once-happy employees’ payroll costs continue to mount even as they can’t work, your once-happy clients are demanding to be released from their contracts, and your bottom line — both present and future — starts to take a serious hit as the local media gets wind of the story. A friend tells you about a forensic IT company, and after learning that they charge around $350/hour (and work 24 hours a day, with two to three individuals on the job), you bite the bullet and enlist their services to unlock your systems and repair your corrupted data. For the same price, you could have bought a home in Beverly Hills (well, maybe you could have paved a long driveway and done some nice landscaping).
- By the time the dust has settled, your business has lost just shy of a quarter million dollars in just under a week’s time. Thankfully (if you can even say the word), you didn’t have much personal client/employee, health, or payment card information. If you did, the costs could have exceeded $1 million in the blink of an eye. That would not have been a Perfect Situation.
Alright, enough with the indie rock. Let’s get down to brass tacks. At this point, cyber security issues have received enough press and have been experienced by enough businesses — of all sizes and varieties — that should a business not have some sort of cyber security plan in place, investors, regulators, lenders, and even clients would have standing to ask: “Why haven’t you prepared for this?”
“I didn’t think it would happen to us …” is not likely to be an encouraging response.