Software bugs can be a royal pain. As is the case with real live insects, some software bugs are more deadly than others. Although the glitch making your Sims character all stretchy and crazy looking is annoying, it is nowhere close to as life changing as other bugs can be. For example, the bad automated financial trade that cost Knight Capital Group $440 million in August of 2012 is one of many possible glitches that could potentially rock the future of any company that may lack proper risk assessment. As Richard Gardner, CEO of Modulus Financial points out in an article by Matthew Heusser, lack of software testing can increase threats within an area that, even before technology, was automated and required a system of checks and balances:
One day I will tell stories to my grandchildren about how I used to trade the stock market by calling a human broker on a landline telephone. I would give my broker the order to buy a stock at a certain price and simultaneously place a “stop loss” order below the price where I purchased, so that if the market turned against me, I would be automatically “stopped out” and would suffer only a small loss on my totally account. Even in that scenario, a form of automated trading was occurring. It was just that my broker was carrying out my instructions and not a computer. Of course, a computer can perform instructions much faster than a human, [but]a computer doesn't have the common sense to identify problems unless explicitly programmed to do so.
Just as in the movie Office Space, some bugs are created maliciously rather than by accident. To prevent this, employees should expect and be ready for regular audits of logs, network security, and source code information. A list of tangible and intellectual property needs to be made, and everything on that list needs to be labeled as secure or insecure with no items left in limbo between the two. Covering all items and checking them makes hacking a system increasingly more difficult. In other words, plug up all security holes.
If all else fails and a breach occurs, it is to one's benefit to understand and recognize what a breach looks like. Insiders who know the system are most commonly those guilty of any hacks. However, through constant checks, these insider hackers can be realized and brought to justice. Since insiders tend to present a greater security risk than outsiders do, Gardner stresses that “checking into work should be a lot like going through airport screening.”
The threat of cyber warfare is as real on a business level as it is on a national level. Gardener compares internet risks to external risks:
Risk is a dynamic and subject to often unquantifiable constant change. While a company may be targeted by a hostile nation for working on a small government contract, Joe's Barbershop may get hit with a relatively severe attack from hacktivists for a socially motivated concern.
The major message to take away from all this is that failing to manage risk is quite possibly the biggest risk one can take.