Hackers Are Patient and Persistent – Your Employees Are Not

After having a great ride in cyber security for over four years, I was excited to get back into collaboration with BA Insight just over eight months ago and also join a former colleague of mine, Mark Aschemeyer. People often ask what I do for a living now that I have joined BA Insight. Initially I said, “I help corporations and organizations improve productivity through more efficient collaboration,” (or some similar marketing sounding phrase).  Usually this leaves the questioner with a glazed, disinterested look, with no follow up questions.  With some reflection, I now describe what I do as, “I help people find information at big companies.” A much better answer.

This differs from my experience in the cyber security world, where the goal is almost the exact opposite of helping people find information.  One of the mantras of information security is to make sure that hackers cannot break in and only allow employees access to authorized information needed to do their jobs.  Corporations and organizations spend millions of dollars and employ hundreds of staff to keep information from hackers, often by keeping information in silos. Cyber-attacks happen every second of every day, and hackers are patient, often spending weeks or months on a company’s network doing reconnaissance to find the right silo of information which is the “pot of gold”.

What surprises me when speaking with organizations now, however, is the lack of investment and strategy to actually enable employees to find information needed to do their jobs. Sometimes it appears as though they are doing to employees the same thing that they do to hackers- making it difficult to find needed information, adding countless hours or days to the process. There are good reasons for information to be in a variety of systems, which creates silos. However, this then results in treating employees like hackers. Employees, unlike hackers, are not patient or persistent and will only search two systems on average to find the information they need. If they can’t find it, then most will give up. Employees should be treated as customers as opposed to potential intruders. With the rise of mega consumer search experiences (Google, Amazon Shopping, Trip Advisor etc.), employees’ expectations continually rise, as does their lack of patience and persistence.  The irony of hackers putting in tireless effort to find information to do their jobs, and the lack of will for employees to find the information to do their jobs, is not going to end anytime soon.  Maybe there should be a help desk run by hackers in an organization to help employees find information?

All kidding aside, from my perspective, the investment both in money and staff in helping employees find information with enterprise search tools and an ongoing search strategy is severely lacking at most organizations.  CIOs and CEOs usually don’t get fired for having a bad enterprise search experience at their companies, but will get fired when there is a data breach. However, and equally damaging to a corporation’s bottom line as a data breach can be, employees will be unproductive by either wasting considerable time searching for information or by simply giving up.

So enough with the gloom and doom. On the bright side, almost all companies I speak with admit to their enterprise search problem. In addition to the recognition of the problem, most companies also recognize the effort it will take to fix the problem.  A smaller subset of companies has a focused strategy and willingness to allocate resources to begin in earnest to improve findability for their employees.  There are no shortcuts, despite what you might see on an IBM Watson commercial. Users need to find relevant information across multiple systems. Luckily there are solutions to help eliminate these silos and make employees productive again. So, let’s put forth an effort to let the good guys in and keep the bad guys out by making it easy for employees and hard for hackers to do their jobs.

Leave a Comment





For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

If you agree to these terms, please click here.