IT suffers from Ostrich Syndrome: The belief that if you put your head in the sand and refuse to face facts, nothing bad will happen. Real ostriches don’t do this, of course – that would soon make them extinct. But IT does.
Finding the right amount to spend on all elements of IT (security, testing, fault tolerance etc) requires proper risk analysis. This is taught in Project Management 101, but recent events show that not everybody in IT understands this.
For example, the Democratic National Committee apparently thought that nobody would bother to attack their systems. After all, it just contained boring political emails, right? Wrong.
Similarly, Delta had apparently forgotten to attach about 300 computers to their uninterruptible power supplies, making their system very interruptible indeed. The had to cancel more than 2,000 flights.
Last month, it was Southwest Airlines who cancelled 2,000 flights, supposedly because a router went down. Talk about single point of failure…
Network segmentation, security patching, high availability, and disaster recovery all costs money. But being hacked or down also costs money. Did DNC, Delta and Southwest make the right call? I don’t think so. Maybe it’s time you looked at your risk analysis. Because you do have one, don’t you?