There are very few more pressing issues in management today than cyber security. Notice that I didn’t say IT management; I said management. When the hacking of a major US retailer (Target) leads to the loss of billions of dollars in stock value and sales and the removal of not only the CSO, but the CIO and ultimately the CEO as well, stockholders, investors, and customers take notice.
Organizations worldwide depend increasingly on information and communications technology to operate and manage 24/7/365, and wireless devices, BYOD, social media, and the like all combine to make the jobs of those responsible for cyber security exponentially more difficult. Like the Dutch boy and the dike, security people worldwide have too many holes to plug and too few arms and fingers. Recently, I was watching a 1960s spy movie in which the agent had to find and access physical documents on site, take pictures of them, reduce the photos to microdots, paste the dots in place of periods in another document, and then smuggle those documents past the authorities. Today, an equivalent theft can be done remotely, often from another, hostile country, at light speed. And Edward Snowden’s 2013 disclosures about the doings of the US National Security Agency (NSA) amply demonstrate what a skilled technical organization with nearly unlimited resources can accomplish from half a world away.
In a recent edition of Cutter IT Journal (see “Data Hacking: No Day at the Breach“), we have collected the viewpoints of five serious thinkers on some of the most troubling security issues involving perhaps today’s most troubling business/technology area. Clearly, this CITJ cannot solve the major issues with cyber security. However, as we have found out in so many other areas, solutions frequently begin with understanding the underlying problems, which then leads to future technology and management directions. While no one will be able to create an impenetrable fortress even with this insight, thoughtful business and technology management planning vastly improves the odds that an enterprise’s security problems will not be the lead story on the evening news.
Looking ahead, it is clear that cyber security is one of the most important keys to the future of technology and therefore whole business segments worldwide. In a short two decades, the amazingly rapid development of the Internet, wireless, and smart devices has revolutionized huge parts of the world.
Today, nearly every industry has been touched by technology and cyber security. Farmers, for example, are apt to be as interested in their big data and its security as are Wall Street brokers. Qualcomm, the chip maker, which got its start helping trucking firms track their trucks and drivers, was accessing and securing critical analytical data decades ago. And FedEx and UPS were developing their own home-grown systems to help customers track their packages some time before Amazon began to automate its delivery systems. Now, in just the span of 20-plus years, we have seen four or five generations of technology evolve, each providing enormously greater capability — and posing enormously greater security problems.
Because of the awesome speed of these changes, not every technology segment has kept up. For the first 20 years of its existence, the Internet was a system used by researchers, and security was based on trust. In the beginning, the developers’ issues centered around bugs, not viruses. As a consequence, the Internet and its security were designed to be easy to use, not easy to safeguard. Now, we are all paying a high price for that oversight, even though no amount of planning could possibly have anticipated all of the outcomes that all of these technologies evolving together could produce.
But no matter how large or small our organizations are, we cannot just wash our hands of the data security problem — there is too much at stake. As responsible managers and professionals, we must work to develop ever-better techniques and technologies to deal with data breaches and cyber security. This means not only utilizing the most sophisticated technologies, but also the best, most foolproof procedures. Even the most secure vault is of little value if we don’t remember to put our valuables in it, turn the lock, and remember the combination. The same principle is true of data breaches. We have to understand what is important, what the result of information falling into the wrong hands will be, and what we can do to ensure — to the best of our collective ability and technology — to make sure that doesn’t happen.