
Going backwards by standing still

The hidden costs of building rather than buying reveal themselves over time

When the UK’s National Health Service was paralysed by a cyber-attack last week, it wasn’t hard to identify the culprit, particularly when the WannaCry malware had posted a ransom note demanding Bitcoin on the screen of every affected computer.

The NHS was the highest-profile victim, but it certainly wasn’t the only one: Nissan and Renault assembly plants were affected, along with Telefonica, owner of the massive O2 network. At its peak, attacks were appearing on screens in 27 different languages, proving the malware had been designed to go global. A South Korean cinema chain’s advertising screens were affected, as were cash machines in China and message boards across Germany’s rail network.

As the UK government’s emergency COBRA committee convened and the cyber security branch of GCHQ got involved, it became clear how the malware had selected its victims – all were using Windows XP as their operating system. Specifically, all were using a version that hadn’t been patched or updated since its release. And Windows XP came out in 2001.

So why were companies putting their faith in an operating system that came out when people were still buying Limp Bizkit CDs? The mistake all these organisations made – and the one they’ll all now be paying a very high price to rectify – is to think of their system in isolation. In our connected world, businesses need to know that their systems can deliver optimal performance and meet business needs not just now but also in the long term.

Most likely, individual NHS hospitals have spent over a decade building bespoke add-on systems that work for them on top of Windows XP. A patch that transfers X-ray images from one department to another perhaps, or software that syncs with blood analysis equipment. These additions could well have been developed in-house and one at a time, so upgrading Windows XP runs the risk of the entire house of cards coming crashing down. Far better to simply stick with what works, right?

Wrong. What might have been fine ten years ago is no longer fit for purpose. As the world digitises, systems become ever more connected and are migrating towards the cloud. As this happens, anyone standing still while the rest of the world steps forwards is, relatively speaking, actually going backwards.

WannaCry was the largest ransomware attack to date, and while it wasn’t damaging enough to trigger digital Armageddon, it has highlighted the problem of outdated and homegrown systems. Building a one-off system using an in-house team might have seemed an appealing, cost-effective solution at the time, but how has that affected growth and integration with other systems? How can businesses update when years have passed and the team that built the system has moved on? Who in an organisation will dare to point to costs saved a decade ago when services are failing now?

The hidden cost of developing bespoke software in-house lies in the years of maintenance that follow. In an increasingly connected world, the logical choice is to move towards systems offering universal integration, and it’s this type of technology that we’ll talk about next.

For now, we’ll leave you with this thought. Did the WannaCry attackers really think that any organisation still running Windows XP would have known how to pay the ransom in Bitcoin?

If you would like to talk further about in-house vs externally developed solutions, feel free to contact us.