En passant
Lovers of chess may be familiar with the en passant rule. The first time a pawn is moved in chess, a player may elect to move it 2 steps forward instead of one. If that particular pawn is moved only one step, the opportunity is forgone. In en passant, you cannot move 2 steps if the opponent's pawns on the adjacent file has already encroached on your pawn's 2-square march. If you must move that pawn, you are compelled to place it- only one square forward- where it may be picked off by the enemy pawn. Inaction or delayed action leads ultimately to destruction.
Why the chess talk? The analogy is similar to a situation we encounter quite often in business. An organisation lays out mid to long term plans but delays on executing some of the more radical steps that could boost its position. Often, compromised vision, a lack of will or both prevent one from planning for the dark day that guts and risk registers have warned about.Less commonly, these delays may be for valid reasons like access to capital and investment, prolonged lags between R & D to product launch, external regulations and 'acts of God'. Even these must be factored into planning because excuses never write paychecks. Irrespective of the cause or excuse, the delay happens and instead of two progressive steps, we can take only one step or none. Suddenly, we are faced with the 'unlikely' incident that we wished would exist only in our corporate nightmares. Suddenly, the phones are ringing off the hook. A war council is instituted, orders are barked and someone has to fix this- no excuses, just fix it. But the unforgivable excuse has already been made. The ignored risk register or the uncaptured voice of an employee who owns the deliverable and who was aware just how likely the event was, but tragically, was ignored.
On 12 May 2017, more than 230,000 computers in over 150 countries were infected by the Wanacry ransomware. The specific vulnerabilities exploited had been identified by the NSA and then leaked online. Prior to that leak, many IT experts had made a case in their respective companies for upgrading from the long outdated Windows XP- in many cases, with little traction. Most of these reports gathered dust on risk registers that took precious hours to prepare. A subsequent opportunity for redemption arrived in Microsoft's free patch to fix the vulnerability. This too, in so many cases ended up unseen or just plainly ignored.
Enter Wanacry. From the NHS in England to Deustche Bahn, the worm decrypted files, rendering work impossible and costing shareholders and taxpayers a fortune. It wreaked untold havok on so many lives. Suddenly, there is a budget for upgrading and protecting systems- too little, too late. Not only as a result of the impact from service failures, lost hours and data. Also, the new crop of cyber criminals inspired to search for vulnerabilities, the tweaks to the source code that may bypass the kill switch and affect any residual users of Windows xp. All excuses for delaying the migration from the xp platform are now conclusively perforated on all sides. One is compelled to make the change that was held off for so long, or sink.
If only, there was a tardis with which to turn back the hands of time- or, if only we had taken two steps forward. But alas, progress was delayed ergo en passant!