How to jeopardise a good business by not thinking, not talking to the right people and trying to save a few bucks…

March 17th, 2008 Drazen Drazic Posted in Bad Developers, Bad Stuff, Disclosure Laws, Dumb Security, Risk Management, Web Application Security, cyber crime |

We’re seeing this so much lately as more and more organisations are either realising they should, or are being forced into thinking about their IT security practices (eg; through the likes of PCI DSS) more.

Good businesses that have been around for 10-20+ plus years and then moving almost everything on-line…..(fair enough reasons and business opportunities need to be taken and competitive moves must be made), but gees, many do it so wrong and put a successful bricks and mortar business into enormous risk.

I’m not talking here about an ability to make money and be successful in that regard. Many develop sensational on-line business models that in many cases have allowed them to grow their traditional business and open up new markets that previously were not as accessible. They are financial successes on the Internet and many provide the basis case studies for great eCommerce texts.

The scary thing is that many organisations like this are only a hair’s breath away from potential disaster.

While the business models; value proposition, marketspace offering, resource systems and financial models are sound, their marketing is growing business, and innovation strategies continue to keep them on top of the game, many fail on the technology implementation areas that focus upon technological risks to the overall business. ie; A gap exists that endangers the whole business.

A business can go downhill for many reasons. A bricks and mortar business going out of business will in most cases have shown warning signs for a while - well most anyway (there are exceptions as we know). An on-line business can go belly-up overnight so to speak with few warning signs - at least until it is almost too late. Bad IT security practices can destroy a successful business quickly. Nothing kills off business more quickly than loss of client confidence and reputational damage.

So many organisations we see, neglect to consider the technological risks in the context of overall business risks. Playing online can make these technological risks business killers. We’ll soon start to see more case studies on this.