Whether inspired by a new piece of technology or a science fiction film, few of us find it difficult to imagine what the future may hold. And when we do, whether it be flying cars, teleportation or even self-lacing shoes, most of us are imagining futures with technology that will effect positive change. In fact, nearly 60 percent of Americans are optimistic that coming technological and scientific changes will make life in the future better, according to a survey by the Pew Research Center.
That’s not to say that we don’t consider the potential risk technology poses. It seems that every time there’s an announcement of a new technology or gadget, discussion of threats and risks follows closely on its heels. Consider Apple’s recent announcement of the iPhone X, which includes facial recognition technology: Initial hype (“The iPhone X feels like ‘the future of the smartphone’” and “Apple’s Best Phone Ever”) gave way quickly to criticism and conjecture (“Hackers respond to Face ID on the iPhone X” and “How Secure Is the iPhone X's FaceID?”).
Most of the security risks we can imagine, though, have already been considered by the developers, or they will be patched soon. The real danger usually doesn’t come from one piece of technology or a singular hole in the software; it comes from the convergence of hardware and software over time – when software and hardware begin interacting in ways we (and the engineers) couldn’t possibly have imagined. The risk doesn’t result from one giant leap forward; rather, it accrues incrementally, with small changes in how we live and work.
As risk accrues, large-scale security incidents are becoming more common: data breaches too numerous to count are occurring daily. Among the worst was the 2017 Equifax data breach, when more than 143 million U.S. consumer reports and Social Security numbers were compromised.
Data breaches are increasing in both regularity and intensity due to a combination of factors over time:
- Internet speeds are increasing, enabling users to download large volumes of data quickly.
- Outdated, mismatched operating systems (OS) have created an open door, with recent research showing that organizations with more than half of their computers running outdated versions of an OS are more than three times as likely to experience a breach.
- Increasing numbers of organizations have moved to digital record-keeping, leading to an explosion of readily accessible data.
- Greater mobility, with more organizations embracing cloud computing and enabling remote work via virtual private networks (VPNs), raises the risk of unauthorized remote access to sensitive data.
On their own, each of these factors poses a risk to business or personal information that can be mitigated fairly easily. But when combined, the risk becomes exponential — it’s little wonder we’re seeing such notable breaches in security. Following the timeline of technology illustrates how these vulnerabilities occurred over time.
1996 – 2000: During this period, most large businesses undertook digitization / CRM projects to store their data. Internet speeds were slow, with most connections being made via dial-up, and even a modest data breach of 10GB would have taken weeks to transfer over a network.
2005: The Pew Research Center found that a majority of Americans on the internet had a broadband connection. Although slow by today’s standards, these speeds allowed for the steady streaming of data. YouTube was founded in 2005, which wouldn’t have been possible without faster, sustained connections.
2010: Cloud computing became a very real concept, with businesses adopting commercial VPNs for their employees to access networks remotely. At this point, a 10GB file took about five hours to download given the average connection speed in the U.S.
2014: Microsoft stopped supporting its Windows XP operating system. XP was arguably the most successful operating systems of all time, and it is believed that more than 50 percent of organizations have one or more instances of XP still running in their organization today.
So, we have customer data stored on potentially unsupported hardware, designed to be accessed remotely in an era in which the average internet connection could download a 10GB file in less than 30 minutes. Add in human error and malicious intent, and you can begin to understand why data breaches have become so prevalent.
DATA BREACHES OVER TIME
Large businesses are particularly at risk from these kinds of attacks due to the difficulty of effecting change. The Equifax breach could have been prevented by any number of changes to technology, such as adding two-factor VPN authentications, stronger data encryption and hardware refreshes.
Decisions about technology, however, almost always have nothing to do with technology – they have far more to do with cost and change culture. For example:
- An inefficient organizational structure can cause a failure to adapt if the business’ pain points are not communicated effectively to leadership. A management team that is in touch with what front-line employees are feeling and hearing can make better decisions for the business as a whole.
- Outdated and narrow metrics mean you’re only able to measure what’s captured. Regularly refreshing your data choices based on market changes will leave you less vulnerable to smaller, more agile competitors.
- When your employees are fully focused on running the business, it leaves little time to ask how things could be improved. A fresh perspective on an old process can lead to valuable insight.
An organization that is change-ready is in a far better position to mitigate the risks posed by technology convergence. After all, your organization is unlikely to become the subject of a multi-billion-dollar lawsuit due to facial recognition software or your new flying company car policy – real risk is realized over time. Allowing for a culture of change within your business will enable you to not only protect your company data but also better react to changes in the market.