Jan 18 2012

Why Every Business Is in the Business of IT Security

It’s time for businesses to realize that IT security is not an option, it’s a necessity.

IT workers have been dealing with the apathy and outright hostility toward IT security for years. Users have long dodged security best practices, resulting in things like the worst passwords of 2011 — or worse, company data breaches.

Writing for Sophos Labs’ Naked Security blog, Chester Wisniewski takes a firm stance for all IT workers and makes a clarion call for businesses to recognize that they’re in the business of security, whether they like it or not.

In an attempt to illustrate the dangers of ignoring the vital role of IT security, Wisniewski shares his experience at a company that took a very laissez-faire attitude.

One of the organizations I worked at had IT security issues on a daily basis: viruses, lost devices, stolen data and intellectual property walking off with recently dismissed employees.

I regularly attempted to draw management's attention to the problem, and the fact that we had all of the software, manpower and will we needed to fix it. All we had to do was adjust our attitude toward the problem.

The reply? "We aren't in the business of IT or security. We make widgets. We maximize investor returns by buying, selling and trading subsidiaries to create wealth."

Well, I have news for companies who adopt this attitude. It simply isn't true anymore.

This same company spent millions of dollars monthly maintaining their fleet of delivery trucks, the robots in their factories and even the coffee machines in the break room.

We once had an outage due to a power failure at a critical IT facility that cost the organization over $1 million an hour because robots needed the computers at that facility to tell them what to make. When that's the case, can you afford not to be an IT company?

Do you have any stories of working for organizations that were uninterested in following IT security standards?

For more on the role of IT security in business, read Wisniewski’s post on the Naked Security blog.