Technical Debt: Money Isn't the Only Thing that Accumulates Interest
IOU: Better IT security
It’s an unfortunate fact, but when people are presented with the choice between doing an easy job now or putting it off until later, they will often put off the work if they can. The mentality of leaving jobs “for future me” is used surprisingly often. Despite it being better to get things done early, when it comes to IT security, many businesses fail to see the wisdom in getting ahead of the curve.
The term “Security Poverty Line” refers to the line between organizations that do and do not have the minimally acceptable level of security needed to fend off an “opportunistic adversary.” These are the types of attackers that capitalize on basic weaknesses in businesses’ IT security.
Looking beyond the risk of cybercrime, there are still many solid justifications for improving a business’s IT security, and one of the best is the concept of technical debt. Technical debt refers to the long-term consequences of poor or postponed work that is necessary for a system (or in this case a business) to function properly. Just like financial debt, the incomplete tasks pile up, accumulate interest (additional steps necessary to catch up to the current tasks), and quickly grow from small tasks into large, challenging hurdles.
How can this be avoided? You need to get to a state where you can be proactive.
Most of the tasks that accrue as part of technical debt are minor in nature, yet they remain time-consuming. These are things like security updates, patch installations, or even things like anti-virus installations and updates. Fortunately, if you have the right infrastructure in place, many of these tasks can be automated to the point of being touch-free.
If you are already being proactive and made investments in your business’s IT security early in its formation, then it’s likely that you are still investing the right amount of time and resources to keep your systems secure against attackers. However, taking a proactive approach to your IT security requires a solid knowledge of what risks are being posed to your systems. A business that has achieved this assesses its risks, ranks them against their damage potential and the likelihood of compromise, then proactively takes action to reduce those risks. This makes it possible to decrease the degree of effort necessary to maintain and improve that security as your business grows. By doing this, your security will be guarding you from potential losses due to the vileness and villainy of the Internet, and cybercrime from inside and outside the office.
If you procrastinate and leave IT security on your to-do list, then the amount of work necessary to implement a reasonable degree of security continually increases. What would have been a small initial task with minimal maintenance instead compounds over time into a larger, more difficult task. Additionally, the inadequacy of whatever security you do have would be putting you at greater risk the entire time. Would your business suffer damages as a result of your lacking security? Not necessarily. However, that’s not something anyone should be willing to risk, not when so much is at stake.