Enough is enough. Consider these headlines from the last few days:
- Computer glitch disrupts Air Canada Jazz, National Post, 06 Feb 2003
- Hard drive theft affects 650000, Edmonton Sun, 03 Feb 2003
- Sapphire/Slammer Worm Shatters Previous Speed Records For Spreading Through The Internet, Science Daily, 05 Feb 2003
There is a common theme here — companies continue to ignore security issues, and the result is significant business damage. And to be frank, this isn’t just a small issue anymore — we are witnessing the actual destruction of corporate value due to negligence! THIS IS A CEO LEVEL ISSUE NOW, FOLKS!
Consider Air Canada Jazz. Yesterday, the CEO announced they would like to sell that division in a bid to raise money. Who would possibly be interested in buying an airline that saw its entire ability to provide service grind to a halt — because a single hard drive on a single computer failed? They had no redundant backup system in place! Absolutely appalling, massive negligence with resultant destruction in corporate value. This is no small issue – at a time of critical business strategy, the organization has managed to effectively destroy significant value at the time they need it most.
ISM, a subsidiary of IBM, had a hard drive stolen due to lax security. What company might ever entrust their business to this organization again? Regardless of the spin that we will see, my guess is that ISM is finished, kaput, done. Computer services are all about confidence, and this company has truly destroyed any confidence customers might have. Through one fatal security mistake, it is likely that the company has been forever destroyed.
Slammer? Companies can’t complain — they’ve ignored security for so long.
The point is this — what more evidence do we need that SENIOR EXECUTIVES are security-negligent?
Security is a CEO-level issue – it isn’t just some small-fry geek thing that needs to be taken care of.
Until senior management wakes up and realizes that without action, they can see their corporate value destroyed over night, we’ll see more of this.
If I was on a board of any company, I would be demanding to know, from the CEO, today, right now, what the corporate attitude is towards security. If I didn’t get the answers, I’d suggest that I get them — damned quick.