The Stepped-Up Need to Immediately Uncover and Address Technology Risks
Jan 22, 2015
Safety and security have always been the afterthoughts of almost every technology innovation and deployment. As a result, innocent, and sometimes not-so innocent people, become injured or killed while operations are crippled when the “bad things” inevitably happen.
Sadly, managements too often respond with denials, excuses, coverups, blamesmanship, and unkept promises to look into the matters: while punishing the whistleblowers. Only when these dubious strategies usually fail do executives take useful action: in order to thwart lawsuits, more regulations, and to stanch the damage to brand reputation and loss of sales.
But the stakes are too high: in lives, property, infrastructure, the economy, and national security to continue repeating this wretched, painful, and unproductive cycle.
The prime case in point is the ISIS hack of CENTCOM’s social media accounts, as reported by U.S. News and World Report. This is an eye-roller. Hello, Pentagon. This is the Internet and social media. When you put information on them anyone can harvest it, and security is porous: as ISIS clearly demonstrated. So why leave us vulnerable to attack? This is the new battlefield, folks. And how come you, or the other agencies that we the people fund to protect us, failed to respond to ISIS’s use of social media that helped it to become the threat it is?
But the ISIS hack is only the latest rivulet in a growing stream of security failures. Almost every day, it seems there are reports of yet another attack, or risk of one. Like the breaches on stores like Michaels, Home Depot, and Target, as reported by CBS News. Or more disturbingly, the hacks into baby monitors, like the massive incident last November reported by the Associated Press, carried by Fox News.
Meanwhile companies are rushing to deploy to use drones before the necessary legal and security frameworks are in place. Any day now there will be headlines of someone killing a bystander while attempting to shoot down a trespassing drone or of an armed drone wounding a child who climbed over a fence. And it is matter of when a terrorist will hijack a drone to launch an attack.
It is imperative that companies (and vendors) take a long hard look at security with their technologies. They must especially pay attention to connected devices or the Internet of Things (IoT), including home systems, machinery, medical devices, vehicles and wearables, and yes, drones. There is unspeakable havoc that could arise with IoT with security breaches. If one occurs on a large devastating scale soon, it could cripple the emerging IoT market.
Corporations (and governments) should consider methods like creating virtual networks (VNs) that are isolated from each other, but which are centrally controlled. In Avaya’s Fabric Connect each device is given their own VN so that if one of them is infected the malware cannot spread to the other devices. But they also should have “old-school” closed loop systems as the backup, or use them in instead of networked systems where breaches could lead to significant loss of life, property, and security.
Every vendor should adopt more aggressive “build/then break” development and installation policies. They have to be their own worst enemy before they can face the looming threats.
In turn, every communications carrier should insist that applications using their networks meet strict security protocols and standards, allow them to test for vulnerabilities, and require customers to correct flaws. They also should insist end-user customers have proper security on their endpoints and also with the right to test and demand rectification of vulnerabilities, as conditions of service.
Finally, as Frost & Sullivan Consultant Pramod Dibble correctly pointed out about hacking and passwords, we should make sure that we use our technology wisely. If we do not then we only have ourselves to blame.
With the increasing presence of technology in every facet of our lives, yet faced with the growing ability of the bad people to abuse them, customers, buyers, and vendors must act in concert to avoid, detect, and fix product, network, and installation flaws, and mistakes. Only with this greater peace of mind can we truly benefit from these solutions.
Brendan Read is Senior Industry Analyst with over 25 years’ experience covering business, communications, staffing, and technology. He has worked in, prepared reports, and blogged on a wide range of topics including customer contact, CX, CRM, IoT, social media, supply chain, and BC/DR. He also has backgrounds in construction, manufacturing, materials, resource extraction, site selection, and transportation. He examines the broad economic, environmental, innovation, political, and social mega trends, and their impacts on businesses, markets, and society.