Information security. Everybody needs it — everybody knows they need it — but surprisingly few are doing anything to ensure it. In spite of information security being an issue since the dawn of computing machines — you know the rough equivalent of hacking existed even in Pascal’s and Babbage’s day — there aren’t enough individuals or corporations today who take information security seriously. Our tendency is to trust until someone breaks that trust, in spite of what we know about human behavior (and don’t know about the other party in any given electronic transaction).
Just like the best drivers are those who drive defensively, we need to adopt defensive behaviors if we’re to survive and prosper in the Internet society. Here are several reasons why we should make information security a top priority, if we haven’t already.
1. The Number of Information Security Incidents, as well as Companies and Individuals Affected, Continues to Grow
You have to have been living under the proverbial rock or a true Luddite not to notice 2014 was a banner year for identity and data thieves. The following is a very short list of companies — and their customers — that suffered severe to near-cataclysmic breaches last year:
- Home Depot
- JPMorgan Chase
In the vast majority of information security incidents, organizations did not take even the most rudimentary precautions. Precautions to security-minded individuals are serious inconveniences to everyone else, and most of the squeaky wheels are on the side of greater convenience. Organizations, if they’re not, have to start thinking about protecting their information like they do every other asset.
2. Mobile Devices
The ease and freedom of portable all-in-one devices — why do we persist in calling them “phones”? — as well as the ability to contact anyone anywhere, at any time, ensures that they aren’t going away. (Duh!) However, their ubiquity and the fact that few organizations have anything resembling a BYOD policy — not to mention the lack of means to enforce said policy — poses very real and immediate risks.
As has often been said, “With freedom comes responsibility.” With the freedom that mobile devices afford us, we are still responsible for keeping our data secure.
3. The Internet of Everything (or just Internet of Things)
The makers of our mobile devices want to push the Internet out to virtually every device that is — or can possibly be — controlled by a computer. We have seen this future to a limited extent — witness the growing number of apps that can connect with your automobile and your home. (For example, my wife has had a 2011 Ford Edge since it was new; that model year was the first for MyFord Sync.)
With the ability to connect one device to practically any other via the Internet comes a significant growth in the number of critical control points, or points of failure. Naturally, this increases the need for — and complexity of — security, so many of us will likely opt out. Not saying you should not want the Internet of Everything, or IoE — just be careful what you wish for. For a moment, consider the possibility of coming home to a cold, empty dwelling, thanks to the IoE.
4. The Cloud
The cloud: Where the IoE will come to fruition. Actually, the goal is to have all information in the cloud someday. Once it gets there, that information is no longer yours. Oh, you may think it is because it started with you, but any semblance of actual possession and sole ownership of your information goes away once you enter the Cloud. It’s like Hotel California: you can put your stuff there any time you like but it never really leaves.
Again, not saying you shouldn’t venture into the Cloud. You should always take precautions. Be alert and on guard. Undesirables inhabit even the best neighborhoods.
5. Artificial Intelligence
It’s a fine line that separates nice people like you and me from the psychopaths of this world. Where we grow up, where we go to school, who we hang out with — ultimately, how we turn out — is a matter of chance. Too, random biological events — like mutations — influence what we become. It’s a system of sorts that has worked out well for some, and not at all for others. We don’t like surprises or chance or risk, so we do what we can to remove them…even if the result of our interference in the “natural order” may be creating a different kind or level of risk.
So it is with AI. Humankind is too flawed — too slow, not intelligent enough, too imprecise, unwilling or unable to change, doesn’t know everything — for its own good. We’ve had thousands upon thousands of years on this planet and yet we keep making the same mistakes. We have too many imperfections to be of use to us, but there is a way around our shortcomings. Remove humans from everything and replace them with artificially intelligent “beings”. Something less than and, at the same time, more than us.
Once this genie is out of the bottle, it will never go back in, which brings several questions to mind. Once we abdicate authority and responsibility and let computers do everything and run everything…what is humankind’s purpose? And because it is mere humans, flawed as they are, who are developing AI, where’s the guarantee that they’re going to point us in the correct direction?
If there is anything we humans have shown ourselves consistently capable of, it’s mucking things up. It’s less likely that we have, and will continue to have, adequate controls in place to eliminate or reduce the risk.
To sum up: Information security should be everyone’s top priority in the coming year. The risks to our business and personal lives are only going to increase in frequency and severity.
* * * * * * *
- “5 Data Breach Statistics Worth Knowing”, Paymetric, 19 June 2014 – http://www.paymetric.com/uncategorized/5-data-breach-statistics-worth-knowing
- Bradley, Tony, “Data Breach Trends for 2015: Credit Cards, Healthcare Records Will Be Vulnerable”, PC World, 3 Dec 2014 – http://www.pcworld.com/article/2853450/data-breach-trends-for-2015-credit-cards-healthcare-records-will-be-vulnerable.html
- Cearley, David W., “Top 10 Strategic Technology Trends for 2014”, Gartner Group, 19 Feb 2014 – https://www.gartner.com/doc/2667526?ref=unauthreader&srcId=1-3478922225#a-14327807
- “Global State of Information Security Survey 2015: Key Findings”, PriceWaterhouse Coopers, 2014 – http://www.pwc.com/gx/en/consulting-services/information-security-survey/key-findings.jhtml
- McGarvey, Robert, “10 Biggest Data Breaches of 2014 (So Far)”, Credit Union Times, 6 Oct 2014 – http://www.cutimes.com/2014/10/06/10-biggest-data-breaches-of-2014-so-far
- Roman, Jeffrey, “Infographic: 2014’s Top Breaches (So Far)”, Bank Info Security, 7 Oct 2014 – http://www.bankinfosecurity.com/infographic-2014s-top-breaches-so-far-a-7408
- Solis, Brian, “25 Technology Trends for 2015-16”, LinkedIn Pulse, 6 Jan 2015 – https://www.linkedin.com/pulse/25-technology-trends-2015-2016-brian-solis