All things fade and quickly turn to myth. – Marcus Aurelius (Unless we take and implement lessons learned into our myth creation.)
Can incidents like COVID result in long term shifts in how we do business? Or is it a longer term crisis-du-jour, with underlying issues remaining unresolved?
Remember Fukushima? What about MERSA? How about Hurricane Katrina or NotPetya? All were significant events in their own right, all requiring massive amounts of attention and effort to mitigate – temporarily.
Any one of these events could have led to a significant change in how we responded to similar events; moreover in how we put things into place so the recurrence was less likely.
For the local populace and a limited time, they did.
But for larger, global organizations what did those incidents amount to? Limited response and quickly forgotten lessons learned.
With the pandemic underway and our responses caught in undertow, we have a brief glimpse into new possibilities on both ends of a spectrum: fully remote workforces offering potential growth balanced against government interdictions into transit, spending, and business management behaviours. We have seen recovery in the form of adjusted work-life balance, culling of businesses which cannot or will not adapt, and massive printing of money. All of these may (in some cases, will) have impact on moving forward into the next decade. Some will take years to resolve. Many will never be resolved.
All the incidents of late, along with many others in the recent past, have supported a disturbing trend of accepting crisis as part of the normal course of business. Collectively battered, we hunker down and wait out the crisis-du-jour’s passing, rather than seeking proactive, or even worse, preemptive, solutions.
We’ve the patience of an abuse victim. Why?
In part it’s overwhelming to shift; devoting time and resources to counter things that may never come to pass again.
In part, we don’t feel ownership for the response: who are we as individuals or businesses to counter a nation state masking state operations as criminal activities? Not part of the job, not part of our world. (Not my circus, not my monkeys.) But primarily it’s a matter of convenience, as all we really have to do is keep ourselves on track.
COVID and the continued persistence may shift this paradigm, if it becomes something we can no longer ignore.
Perhaps it should.
In theory our collective response could counter the notion of waiting to see the results before acting – with every major incident considered a wake-up call at the time, with few waking.
*Note: Soon, the shift will come where people and organizations are going to look for where they belong in cyber. All it’s going to take is an institution to start offering community within information security and you will see the shift in affiliation. To start, it won’t even seem like that much; but humans are social creatures, they are waiting for cyberspace to feel safe and protected. To do so means some organization needs to plant the flag and offer the chance for clients and consumers to be part of what each major institution spent millions and hundreds of millions on.