The "RISKY BUSINESS" Blog

Our Director of Marketing posed an interesting question yesterday;  "Why do some of the people who we know need Information Assurance services not know they need Information Assurance services"? 

Always one to answer a question with a question where possible, I asked him if he carried a $1M+ Life Insurance Policy considering he has two young kids.  Long answer short: he doesn't, and on reflection, he doesn't feel it is warranted because he doesn't expect to die anytime soon, nor does he know any peers who have.  Hence, it would be a waste of money. 

"Now you know why they don't know they need Information Assurance Services!"

We call it "Ain't Never Ain't Gonna Happen Here" (ANAGHH) syndrome.  Simply put, if you have been doing things a certain way for an extended period of time and you have never had a serious problem, then you beleive you have (and perhaps you do) justifiable reason to believe that your way of doing things is effective.  Of course, you may just have been lucky.

I have a confession, I suffer from ANAGHH syndrome.  Never have really believed the malware "hype" (embarrassing to admit as a security professional).  Zero day exploits have meant zero to me.  Why ?  Because in 10+ years of brazen web surfing using Internet Explorer with Active X enabled  (virtually daring malware to infect me) I have never had a problem - until yesterday.  Six mind numbing hours later, I think (hope/pray) that I have eradicated myself of my infection (although I still feel dirty). 

So if you too suffer from ANAGHH Syndrome, whether it's life insurance or Information Assurance, with apologies to Clint Eastwood, you've got to ask yourself one question: "Do I feel lucky?  Well, do ya, punk?"