The security risk of technical debt
Scott Huxley
Driving Business Value by Reducing Technical Debt | LinkedIn Humorist
The subject of technical debt is an interesting one, a topic that is not discussed very often. So, what is it, and how does it create a security risk for your business?
When we talk about technical debt, the simplest analogy I can share is credit card debt. Yes, you can keep making minimum payments to keep your head above water; however, for many people, it can eventually lead to financial ruin. Technical debt has the same potential result for your business.
A great example of the definition can be found here thanks to Gartner.
As your debt continues to rise unnoticed, the result will eventually become very apparent. At the same time, it can be very expensive to resolve and will be due all at once!
Failure to address results in huge security gaps
Does your current IT partner deliver security assessments to evaluate your current security posture? If not, I recommend you have that discussion.
Ask anyone in the technology industry, and they will tell you that cybercriminals are investing heavily in their businesses.
With the increased use of AI technology and automation, together with increased penetration capabilities, the risk has never been greater. Let's take a look at some common items I see:
So, whilst your email is working and things are seemingly good - they are not. You are, as the saying goes, an accident waiting for a place to happen.
Escaping the technical debt trap
Firstly, stop digging the hole. Technical debt not only represents a security risk but also impacts your business in so many other ways. From security to productivity, it represents a huge threat to your ability to serve your clients.
I recommend you begin with an assessment of your current situation. If your IT provider is truly proactive, obtaining that information should be simple.
Every review or assessment is a point-in-time snapshot, however. This is why I always recommend a penetration test at least yearly. That assessment should cover the entire organization, including remote workers if you have them.
Any debt can be resolved with a great plan to tackle it. However, the key is to know where you are and where you need to be. If you don't begin today, a cybercriminal might just come along and help you find it.
Securely yours,
Scott
Chief Security Officer / Chief Information Security Officer / Chief Privacy Officer
3 months
Technical debt follows two paths. Unrecognized Risks and Unfunded Risk Reductions that are not undertaken for Profit, Bonuses, Stock Incentives or Institutional Biases. Unrecognized Risks come from People failures and/or lack of People to identify the Risk and Communicate them properly. Unfunded Risk Reductions are most often just poor management decisions somewhere from Line Managers up the chain to Senior Corporate Officers and Board Members. Technical Debts are the results of a lack of Vision and/or a lack of Institutional Due Care. Insurance will not cover either going forward. Your stock price will.