How Much Time Do You Have?
Riverbank Ruminations; Observations from The Banks of The Technology River
Tom Evans ~ Ashton Engineer Emeritus
As you get older, time goes by more quickly. The technical reason is that when you are 5, a year is 20% of your life. When you are 70 it is only 1.4% of your life. Years go by quickly. In technology, generations of phones, game consoles, computers, and other things last at most a year. Sometimes the changes are significant, sometimes cosmetic. One thing that doesn’t change is that time slips away from us all. We all only get 168 hours in a week and we all have to decide how to spend those hours. The evanescence of time cannot be undone and has led to innumerable quotes about it. Let’s see how some of them apply to security.
“There’s not enough time to do it right, but there is time to do it over.” – Meskimen’s Law
You may have been in the meeting where “We don’t have the time right now” or “We will get to that later” was said about security issues. Be it security awareness training for employees, implementing new security procedures for the business, or training IT in the latest software and techniques, it is hard for businesses to justify spending the time. Then they get hacked, and NOW there is time to work on security. Usually, it is more expensive and time-consuming to recover from an incident than it would have been to undertake preventative activities.
“Time brings all things to pass.” – Aeschylus
These days the question is not if you will have a security incident, but when it will happen. A secondary question is: Are you prepared to respond to a security incident? Go back a few years and bad guys were content to infect you with a worm or a virus. Then they graduated to fraud, then to extortion. You have ransomware now that is preceded by data exfiltration. You get compromised, your data is encrypted, and now you have to recover. You may pay the ransom and if by some miracle the decryption keys you’re given actually work, you find out that is not the end of it. The bad guys come back and threaten to dump all your company data (read that as customer information) out onto the net unless you pay. As you probably can guess, if you pay, the demands will not cease.
“The two most powerful warriors are patience and time.” – Leo Tolstoy, “War and Peace”
You have a business, you are busy. You don’t have the time to worry about security. The bad guys have time and patience. They are willing to send out tens of thousands of phishing emails with the hope of getting one response that will provide them access to your network. As of January 2021, it appears that Solarwiinds had been compromised for 6 months before anything came to light. The bad guys got in and then patiently watched and learned how things worked. They ran some tests. They waited for the right time to act, and they were successful in compromising production software. You will never have the time available to protect against the bad guys, equivalent to what they are willing to spend to attack you. Setting up effective security takes time and patience. The bad guys have both, do you?
“The key is in not spending time, but in investing it.” – Stephen R. Covey
Part of the problem is the viewpoint that ‘We can’t afford to spend the time/money on security’. Since security does not drive dollars to the bottom line, it is viewed as an expense. It is in truth an investment. You are investing in your future ability to do business. You invest in capital equipment in anticipation of more business. You invest in new employees for the same reason. You need to invest in security to help assure that you are around to do business next year. If you are an SMB (small, medium business) this article should give you pause. It states that “43% of online attacks now aimed at small businesses, a favorite target of high-tech villains, yet only 14% prepared to defend themselves,”. This article cites the statistic that “As much as 60 percent of hacked small and medium-sized businesses go out of business after six months.” How much would you be willing to invest to increase the odds that your business will not fail?
“The trouble is, you think you have time.” – Jack Kornfield
This almost sounds like a variation of the first thought. There is no reason to assume you have time to wait to address security. The bad guys are not waiting. They are actively seeking victims. They are also empowering unskilled bad guys by providing things like RaaS (Ransomware as a Service). This means that the bar to becoming an attacker is considerably lower than it once was.
“Better three hours too soon than a minute too late.” – William Shakespeare
It is never too early to start thinking about how to protect your business (or your home). As technology becomes more pervasive and the drive to provide cheap technology forces security to take a back seat, the threats become more widespread. In an ideal world, security is part of every business decision, every new hire, every software choice. When it isn’t, the opportunity to be a statistic becomes greater. Invest some time wisely while you can.
Call Ashton Solutions
Are you looking to better secure your network and data? Consider us like an insurance policy- it costs something, until you really need it. Then it’s going to save you a lot of money. Give Ashton a call at 216 397-4080.