42% of Millennials won’t use their credit card on their phone. What’s going on and how, as an industry, can we address this trend?
Technology is now deeply integrated into our lives and there is no question that this will continue. At the same time, people are less and less trusting of technology. As technology spreads into our homes via the Internet of Things (IoT), into our vehicles via connected cars, onto our bodies via wearables, and into our bodies via injectables, the data is becoming more and more personal. Equifax was bad enough, just imagine if the data stolen were about what time you go to bed, where (and how) you drive, or…your heart rate?
This makes “personal data” a lot more personal. And that means it can be used for much more nefarious schemes.
“Data is the new oil,” says Shivon Zilis, a partner with the venture capital firm Bloomberg Beta. Unlike oil, we’re producing more of data everyday and the more we produce the more valuable it becomes as new connections, conclusions, and insights are developed. This is especially true of our personal data and the myriad parties vying for our attention and money.
It’s an irresistable treasure trove for those less scrupulous amongst us. Data is the ultimate stealable asset; none of the hassles of stealing physical stuff, high value, easily transported, and (if you’re good enough) you can be completely invisible and anonymous.
Add that, most of us most of the time, are carrying a connected device (or several) with us and that the data is becoming increasingly personal (as noted above). Already we are seeing connected devices used in domestic abuse cases* where the devices are used to both gather information and take control of someone else’s life.
Our people and our devices are forming an intricate web of interactivity that is itself generating tons of data that increasingly exists online or, at least, is traceable online. More of our lives and our relationships (to people and entities, like the library) are hackable.
There appears to be no stopping the inexorable trend of our lives becoming evermore digital. IoT is bringing the internet to places we never thought possible (like our light switches or bedrooms or senstive laboratories), and this is a well-known security risk. Yet the public and many businesses seem readily willing to give up their security for convenience and (probably) the thrill of having these latest tech toys.
There are also new technologies on the way that will only increase the pace of this trend. 5G will put huge bandwidth in our pockets, which will vastly increase the volumes of data flowing around us (and about us). New medical technologies will be integrated with our clothes and, amazingly, will reveal data from inside us (now, that’s really personal data!) and store that in the aether. How valuable might that data be? And, beyond that, what might someone be able to do with that data? [It’s already been used in unexpected ways to sway elections around the world; what else might be possible?]
Every company–virtual or bricks-and-mortar–will generate quantities of data. In many cases that data may be more valuable than the (word) value of the business itself. Any new business has to evaluate how they are going to deal with the data they produce; indeed, many new businesses will be much more valuable based on the type and quantities of data they generate and capture.
Yet, despite all of this, security remains a gaping hole. There are so many connections between devices that reliable security is going to require a sophisiticated, multi-layered, flexible approach that is highly granular and enviornmentally aware. An approach that merges data and physical security, so that every connection point (a physical presence) is secure, and all of the data they produce and transmit is strongly encrypted. An approach that can scan the internet for new information, predict new threats, and use that to inform every connected device how to react.
Andy Grove said it best: “Only the paranoid survive.” While he meant it in a slightly different context, it is well applied here. Assume malintent until proven otherwise. Verify then trust. And make sure that all of your devices and software follow that dictum. Keep everything up to date.
Personally and professionally the risks are tremendous and getting higher. We need to be the security we want in the digital world.
On a personal level what does security mean? It means you being in control of your data, from every device, to every server, while resident in the cloud, and during transmission. Ultimately no one is looking out for us, no one can keep us safe, without our active participation in our own security.
On a business level it means that, from now on, anything connecting to your network, from hardware at the core to users and apps from the extreme edges, has to be known secure. Anything on your network should be designed with integrated security, not laid on top. The enterprise faces incredible risks; break-ins threaten your IP, customer data, financial records, any data you value, and your reputation. Your business is, literally, on the line.
We can all hope for a time when we can, once again, be less paranoid. Until then, secure everything, always. Be energetically proactive. Act like it’s urgent, because it is. The digital universe moves fast and not keeping up gets riskier all the time.