Don’t wait for the disaster before acting

Hindsight is uncomfortable when considering incidents that could, and should, have been avoided. And yet it appears to be something too many organisations are failing to realise, as David Ward of Ward Security explains.

It’s hard to think of a time when uncomfortable hindsight has been more prevalent. Whether it’s the increasing number of cyber-attacks affecting large organisations, or dreadful tragedies such as Grenfell Tower fire, the zeitgeist dominating the news agenda is one of lessons not being learned and warnings not being heeded.

That large corporations such as the shipping line Maersk, the advertising company WPP and FedEx are still struggling with the effects of their recent cyber-attack show the degree to which these incidents can affect huge well-established businesses – businesses that perhaps should have been better protected, and indeed which have the resources to ensure they have adequate cyber-security in place.

It’s not as if the world hasn’t provided enough warning through example. Major organisations being crippled by cyber-attacks are frequent and are covered extensively in the news. Surely the organisations that have so far escaped attack are heeding the warnings and shoring up their defences? Unfortunately, it would appear not. Every new news story of a major organisation being hit is just another example of lessons not being learned and warnings not being heeded.

There is no gleeful satisfaction to be gained from “I told you so” or “You were warned”, especially when it concerns incidents that affect lives and livelihoods.

At the same time, we all have a duty to warn each other about threats and the risks of not being prepared, and a duty to watch what goes on around us and to consider how we could be affected.

This doesn’t just apply to issues such as cyber-security or fire safety. Whether it’s the issue of having adequate insurance, protecting your business’ intellectual property, having adequate physical security in place, or even having the correct employee policies in place, it makes no sense to wait until a disaster, a problem or an incident before addressing these issues. Situations and threats change, and businesses and organisations should always be thinking about what could go wrong and what they can do to ensure the worst doesn’t happen.

Protecting your organisation’s reputation should be the minimum driver for developing a culture of preparedness and ongoing self-assessment. But fear of the worst-case-scenario should also be considered.

At the very least, an incident can damage your reputation in the marketplace. At the very worst lives can be lost.

Within the world of security is it crucial to conduct ongoing or periodic assessments of your security stance, and it is something we should all feel comfortable with. After all, if there is a spate of thefts from garden sheds in our neighbourhoods, we are all comfortable with checking our own sheds are locked. The same should apply to our businesses.

We should all be paying attention to the news and the new threats that constantly emerge. When another organisation suffers we should ask ourselves ‘Could that happen to us? What can we do to ensure it doesn’t?”

It simply doesn’t make sense to ignore threats or warnings until they become uncomfortable realities. Horses and stable doors.