Friday, December 12, 2014

IT and Data Security and the Risk to Christmas and the Global Economy

Come let us build ourselves a city, with a tower that reaches to the heavens, so that we may make a name for ourselves. ~ Genesis
I have a sizable collection of books in my library, in fact I have a tower of books in my office that is a danger to small children.  Many of the books in my collection are on the topic of technology strategies for businesses.  This collection represents a passion I have for connecting business strategies and new technologies together to improve business performance.  I have, however, learned over the years that with new technologies comes new vulnerabilities that must be considered as part of the adoption strategy.

Today, 27 missiles can destroy our entire commercial global GPS system, and another 2,465 missiles or laser attacks could destroy every active satellite we have in orbit.  That represents a new and emerging vulnerability to our digital economy.

We have seen demonstrated this year that private and government sponsored hackers can bring down markets, transportation systems, communication networks, financial systems and utility grids.  We have seen this month how cyber-attacks, suspected to originate from North Korea, can dramatically impact an entire industry (Entertainment). Cyber-attacks are fast becoming the weapon of choice for countries and organizations with limited funds and military capabilities.  It is a way to maximize the damage they cause for the investment - a kind of bad guy ROI.
Experts believe that for impoverished North Korea, expanding its warfare into cyberspace is an attractive choice because it is cheaper and faster to develop malicious computer codes than to build nuclear bombs or other weapons of mass destruction. Online attacks can be performed anonymously, another upside for the infiltrators. - AP By: YOUKYUNG LEE, December 18, 2014
For all the benefits technology enables, it also makes us more vulnerable to computer and software failures and cyber-attacks (See Flights Disrupted After Computer Failure at UK Control Center).
Philosopher and Urbanist Dr. Paul Virilio said, "To invent something is to invent an accident. To invent the ship is to invent the shipwreck; the space shuttle, the explosion. And to invent the electronic superhighway or the Internet is to invent a major risk which is not easily spotted because it does not produce fatalities like a shipwreck or a mid-air explosion." ~ An Interview with Paul Virilio." in: Apres Coup Psychoanalytic Association. January 2005.
Today, however, fatalities can result from problems with the Internet and associated systems because they touch so many important systems including healthcare systems (see We have placed nearly all of our systems of importance on the Internet and into the cloud.  Our military runs on a network centric strategy and our economy as well.  Cyber-attacks today are a most serious threat.

Dr. Virilio identified the fact that all new technologies include new and guaranteed accidents or vulnerabilities.  It doesn't mean we don't pursue them, it just means we need to acknowledge the associated risks, prepare for and manage them.

We are hearing a constant drum beat of the successes hackers and cyber-attackers are having in their attacks on our financial and payment systems, and the theft of our personal data.  When will this become a true priority for "C Level" folks?  It is not just their own companies CEOs are risking today, every interaction and transaction connects businesses to individuals.  Our personal data is now intimately tied to the companies we do business with, and as recent events have proven our data is now in real jeopardy.

Shouldn't we, as customers, be looking to penalize businesses with poor IT security practices and systems?  In a world where our data is currency, the protection of our data is vital.  It is a personal and national security issue.  We need a understand the importance of IT security and data to global economies, and then take the necessary steps to protect them.
The original industrial accidents as, for instance, the derailment of a train or the crash of an airplane, were all specific, localized, and particular accidents. They were taking place at a certain place and at a certain moment in time. Now, however, the revolution of instantaneous transmissions brought about by telecommunications makes the accident global." ~ Virilio Paul and Andreas Ruby (Interviewer). "Surfing the Accident. in: Institute for the Unstable Media. Publication "The Art of the Accident." 1998. (English).
I have seen steps in the right direction.  In 2011, the United States military designated certain kinds of cyber-attacks as "acts of war" that would be treated as such.
WASHINGTON—The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.  "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.  SIOBHAN GORMAN And JULIAN E. BARNES, May 31, 2011
I am no fan of war, as I have a son in the military, but we must recognized the seriousness of attacks that cripple our country's infrastructures, economy and security.

As a passionate mobile industry analyst and enthusiast, I am eager for us to solve these cyber-attack and data security issues. We clearly have a massive global problem that needs solved, and the solution is not just a series of small start-ups with clever technologies.  It is bigger than that.  It is a global economic and security issue.  It needs the highest levels of emphasis and collaboration.

We need to be the vanguards of IT security and data protection.  What are the steps needed?  Here are some ideas to consider:
  • Elevate defense against cyber-attacks to a corporate, IT, economic and national security priority.
  • Recognize cyber-attacks are not just an individual company's IT problem or inconvenience, it is a national economic and security issue.
  • Measure executive's on their company's IT and data security practices and performance and base their compensation packages at least in part on these measurements.
  • Encourage all companies to prioritize IT and data security, and to educate IT staff on how to best respond to cyber-attacks.
  • Develop standards for IT and data security practices.
  • Motivate companies to meet these IT and data security standards by certifying them and publishing the results.
  • Encourage consumers to support certified businesses.
  • Organize independent IT and data security auditors that certify businesses against these standards.
  • Enforce stiff penalties against countries protecting organizations involved in cyber-attacks. 
The digital economy is growing exponentially, but cyber-attacks, left unchecked, will halt the digital economy like the Grinch Who Stole Christmas [data].

Kevin Benedict
Writer, Speaker, Senior Analyst
Digital Transformation, EBA, Center for the Future of Work Cognizant
View my profile on LinkedIn
Learn about mobile strategies at
Follow me on Twitter @krbenedict
Subscribe to Kevin'sYouTube Channel
Join the Linkedin Group Strategic Enterprise Mobility
Join the Google+ Community Mobile Enterprise Strategies
***Full Disclosure: These are my personal opinions. No company is silly enough to claim them. I am a mobility and digital transformation analyst, consultant and writer. I work with and have worked with many of the companies mentioned in my articles.