Talk to Me: Bonus of Security

Wednesday, March 28, 2012 @ 08:03 PM gHale

By Gregory Hale
Headlines throughout the ISSSource website this week don’t lie: Survey: Malicious Attack Costs Grow; Agile Hackers will Break Security; Data Breaches Focus on Money: Study, and Spammers getting Smarter, Report Says.

Reports galore talk about the incredible intelligence of those wanting to come in and steal information, data, records, money, ideas, and intelligence. Along those same lines, other dispatches talk about how ill-prepared manufacturing automation companies are to handle the potential onslaught.

Why don’t they get it? There is uncertainty in how companies will be able to conduct business in the coming days, months, and years because of the cyber threat, yet companies seem to think what they did three years ago will suffice. Sorry, but that is wrong. Does that sound negative? Maybe. The positive side is the technology the industry is using today can bring manufacturers great rewards. To garner those benefits, though, they have to be smarter than the bad guys who want to steal away prosperity.

More headlines: Code in Supply Chain a Threat; System Security: IT Not So Sure; ISPs Focus on New Security Tactics; Security Wags: Network Resistance Futile, and NSA Head: Cyber Storms Ahead.

Yet, talking to folks in the security industry, the same old story prevails: Most companies refuse to spend and move forward on a solid security investment. They are talking, but it is like rolling a 10-ton boulder uphill: Slow and uneven. I just don’t get it.

Even if you go by the tired old “security is an insurance policy” argument, then the idea for a hike in a company’s security posture makes sense. But let’s take it even one step higher. Studies show “top tier” organizations were 2.5 times less likely to experience a major cyber attack, and 3.5 times less likely to experience downtime compared to other enterprises.

Wouldn’t 3.5 times less downtime more than cover the cost of a security solution and plan? Wouldn’t being 2.5 times less likely to experience a major cyber attack be worth the investment?

Take a look at the costs. On average, cyber incidents cost organizations $558,000 in revenue losses, $480,831 in brand damage, $366,301 due to compliance fines, and $174,309 in lost productivity, one survey found.

Obviously, there are reasons why companies don’t make the investment. Costs probably play a huge role, but the false concept of “we will never suffer an attack” also plays a big role. In addition, fear of the unknown plays into the scenario. There are surely enough folks out in the industry who don’t know what they don’t know.

It is understandable to look at the cost of a safety system as relatively fixed and the cost of kicking in a security program as perpetual. But in today’s environment, where manufacturers are becoming more of a target, that is the cost of doing business. Companies will have to pay to make sure they stay secure – and one of the benefits could be a boost in profitability.

Yes, there are people out there who do “get it” and they are moving forward and will reap the profitable benefits. What happens if you enjoy protection, but one or more of your partners does not? That brings in a whole new discussion.

The industry really needs to get moving and start making some serious security investments or they will suffer the consequences. Get it?

Talk to me:

Gregory Hale is the Editor and Founder of