Written by Robert D. Sollars
You know the old phrase… ”The squeaky wheel gets the grease”, don’t you? It basically means that if you raise enough of a ruckus about something, you’ll get noticed and more than likely your issue gets resolved…quickly, much like the lynch mobs after law enforcement for the smallest possible perceived slight, and therefore something gets done, whether it’s the outcome we wanted or not.
But in security what seems to be the squeaky wheel at this moment? It should be fairly obvious to everyone within the field. And those outside the field probably won’t even bother with it until it affects them. And the pros inside it…let’s just say they’re happy as clams because they get more & more money to buy toys. Older toys and not the newer shinier ones to be sure, but toys nonetheless.
So, what is this new shiny toy that is distracting from the overall physical security mindset and getting all the headlines? Plainly put, cyber security, computers, breaches, hacking, malware, and a plethora of other threats takes all of our focus. And unfortunately, for a lot of money, cyber security is neither cheap nor easy.
But the question may be to a lot of people is why it’s so much in the headlines and takes things away from physical security. That answer is just as simple. Money, moola, greenbacks, dinero, whatever you wanna call it. It’s expensive to buy and install such programs and then implement them…it’s like a leak in a jar of pickles…it takes all the briny juice from the pickles inside the jar, leaving them dry and nearly inedible.
A cyber breach costs money to everyone that associates with a certain organization. From the retail sector, remember Target, Lowe’s, & the Colonial Pipeline Company? What about the pervasive malware and hacking breaches of health care & insurance companies? And then educational institutions with all of their social security numbers, birth dates, names, & etc.
It’s an embarrassment to the organization that has to admit a breach or their cyber defenses, not to mention the actual individual that has the oversight for cyber security…and their staff. Yet many companies don’t or refuse, to upgrade their defenses because the C-suite has no clue what they are doing. CEOs, CFOs, and others are the bean counters and don’t think it’s necessary…until a breach occurs and they’re caught red-handed in not doing what they should have done (and obviously they didn’t do enough – in most cases).
Understandably, the C-suite doesn’t want to make the investment into their cyber security or networks for several reasons;
- They don’t understand the risk, or financial loss, of a breach. Despite the innumerable news reports of ransomware in hospitals, police departments, & other places they have on blinders. And worse, according to several reports that executives rarely change their passwords
- It costs a lot of money to constantly upgrade the systems. And then of course they have to hire a professional ‘gun slinger’ who can understand and implement everything & ensure everyone else knows the value of the program, not to mention that everything works together…correctly.
- The profit of the company will go down and it will reflect on the executives & the company. Of course, the bad publicity doesn’t bother them that much…until it smothers them in a flurry of news reports.
- The shareholders don’t like spending money on something that doesn’t have a significant ROI. See above.
Therefore cyber & network security gets pushed to the back burner, or at the very least very low heat on the front burner. Usually, the IT managers get to buy programs that are safer but… Many times, these systems are completely non-compatible and it costs more money than the cost of the top-of-the-line software would have, to correct. And yes, this does happen. Let me tell you about a non-profit hospital here in the Phoenix area, and the issues their IT department has had;
In 2016, they spent approx. $2 million for new software that would allow easier recording of patient data & the changes to it. Then in 2017, they purchased more software that promised it would integrate with the previous program, at a cost of another $2.5M that would allow easier access to ordering materials for patients & staff from all departments. They didn’t integrate very well, despite the promises and coming from the same company.
Sounded great, didn’t it? The only issue was that it cost another $3M to make the 2 programs compatible, which they still aren’t fully integrated after 5 years. The rub? A software program that would have cost only $4M to purchase, install, & tech support was available, but the C-suite wouldn’t budget for it because it was too expensive.
This is a true story and I won’t name the organization, only because the denials were written in 2017 for that contingency and having to make excuses for the clumsiness of their IT Dept. and the C-Suite from accepting responsibility for the idiocy…This being despite the IT Managers wanting the better software all-in-one programs.
The C-suiters, across the world, are in denial about the cost of implementing good cyber & network security. Some are beginning to come around and put the requests for more resources & specific programs on the front burner.
But it is still the same story. As soon as cyber& network security drifts out of the public’s view it will lapse and go back to saving money for the sake of the shareholders and the executives who earn millions even after a breach and the ransom paid. That is until the wheel becomes squeaky again and a breach causes millions of dollars worth of damage.
I do have to say it is the same with physical security. When a breach of security possibly causes a loss to the company, then more money is spent on replacing/repairing what was broken and probably at a better fix instead of spit & baling wire. This naturally includes better pay and training for the security officers they bring in to effectively do the job that technology can’t do.
With workplace violence, it is virtually the same. After the many instances already this year so far, companies, by the hundreds or thousands, were scared to death of what might happen. Articles appeared…everywhere, from the WSJ, Forbes, Fortune, & many others, with hundreds of thousands, or millions, of dollars thrown into the issue of violence, usually only from the outside with the inside threat being ignored for the most part, and only with the stereotypical firearm, not the myriad of other weapons available to someone. Now…it’s a subject barely discussed…anywhere, except at security staff meetings with no interest from the C-Suite or similar management representatives.
So, what is the next squeaky wheel for the public, media, & C-suite to grab on too and blame those of us in the field? Are we prepared for the inevitable bias that will entail finger pointing & the blame, no matter what…again?
Like these blogs? Then please feel free to pass them along to friends, colleagues, or anyone who may benefit. Have them subscribe at my website: Sollars Violence Prevention Training & Consulting
It happens to Anyone…Any Time…Anywhere… For any Reason
I May Be Blind, but My Vision Is Crystal Clear
Permission to share? Of course, with full attribution.
Copyright 2021 Robert D. Sollars
Want to unsubscribe? Sorry to see you go, but…Send a blank e-mail with unsubscribe in the subject line to [email protected]