Your Personal Titanic Moment

On a recent interview about the?Titan?sub catastrophe, the director of the movie?Titanic?James Cameron, who has made 33 successful dives to the?Titanic?wreckage site, pointed out that this tragedy is eerily similar to the 1912?Titanic?disaster: the captain of the 1912 RMS?Titanic?was repeatedly warned about ice ahead of his ship, yet he plowed ahead at full speed into an ice field on a moonless night, resulting in the deaths of over 1,500 innocent souls.

The captain of the sub-Titan?and CEO of the company OceanGate, Stockton Rush, was also repeatedly warned about his vessel’s safety, lack of certification for the vessel’s integrity, lack of a tracking device (think airplane black box), their experimental approach to deep dives (although this is a very mature and well-understood practice) and lack of a backup sub. He also proceeded to plow ahead at full speed, taking people in an extremely unsafe vehicle and also killing innocent people. If there was ever a case for willful negligence, this is it.

When it comes to IT security and compliance for small businesses, this kind of?willful negligence?is rampant. Sometimes it ends with an abrupt, catastrophic “implosion,” as with the?Titan, where a ransomware attack destroys a company, operations shut down, unable to transact, employees and clients are harmed, and their reputation is tarnished.

In other cases, the risk is there but hasn’t been addressed because nothing bad has happened –?yet.?Willful negligence in IT security and regulatory compliance with data privacy and protection comes in three forms.

The first is willful ignorance.?Some people running a business are young and inexperienced, too new to the business world to understand the risks they are incurring by failing to protect their clients and themselves. Often, they are being advised by the wrong people – an IT firm that knows how to make their tech work but lacks the expertise to implement good security protections. You kind of can’t blame them for getting it wrong?initially, but at some point they’ll get smacked with a cyber-attack and learn the error of their ways the hard way.

The second type of willful negligence is?willfully?stupid.

This group CANNOT claim “ignorance” as their defense. They KNOW they should protect their business and clients’ data from cyber-attacks. They’ve heard the stories, they know the laws, and may have been warned by their IT company or person, but foolishly believe “that can’t happen to us” or choose to assume they’re “fine” because they are using a cloud application that promises compliance (which is correct for THEM, not necessarily for YOU). They trust but don’t verify that their IT person or company is doing what they’re supposed to, and often lack cyber liability insurance, choosing to take the risk because they’re cheap or can’t be bothered.

The third type of willful negligence is the TRUE meaning of willful negligence and the most immoral and unforgivable.?Determined negligence.?These people stubbornly insist on continuing to operate without proper security protocols in place, without a disaster recovery plan, without any insurance, without assessing and inspecting their environment and refusing to?acknowledge?ALL facts, history, and evidence to the contrary. They know they are acting irresponsibly but don’t care.

After the tragedy of the sub, multiple experts came forward to point out all the risky behaviors Rush was allowing. The hull had not undergone cyclical pressure testing or thermal expansion and contraction testing. The hatch could only be opened from the outside and not the inside, which wouldn’t allow them to escape if needed in an emergency – one small fire inside would have been catastrophic. No atmospheric system to monitor interior gases such as oxygen, carbon dioxide, and carbon monoxide. No emergency air-breathing system. The viewing window was only certified to 4,000 feet, not the 12,500 feet of the?Titanic?wreck. But the most egregious of all was an egotistical assumption by the CEO that he knew better than everyone else around him.

I'd like to know if he put all of this in the brochure and explained that philosophy to the people in the sub who lost their lives that day.

Everyone makes mistakes. Everyone has a moment in their lives when they place trust in someone they shouldn’t. Everyone has blind spots; we’re all ignorant and misinformed about?something. The question is, do you STAY?willfully?ignorant or stupid to the point of being?determined?to hold steady to your course of action to the point where you harm yourself and others as well?

If you do, it’s only a matter of time before you have your ship sunk, your own personal?Titanic-size wreck. Sadly, suppose you’re the CEO of a company that holds financial data, credit cards, medical records, tax returns, Social Security numbers, birthdays, or even the contact details of your clients OR employees. In that case, YOUR willful negligence in cyber protection will absolutely harm others.