What do 52 million Google users, 50 million Facebook users, and nearly every single U.S. military weapon in existence have in common? Cybersecurity problems. I’ve spoken previously about the “move fast and break things” culture of Facebook and Silicon Valley at large—namely that it’s a damaging way for the high-tech industry to operate. As we all move toward embracing connectivity at an unprecedented rate, the “move faster” method of tech advancement leaves all of us all impossibly vulnerable. In fact, it’s widely accepted that once information is digitized it is literally impossible to keep 100 percent safe. So, what do we do about it?
At the rate our world is moving toward techno-vation, we’ll be seeing some 27 billion connected devices on the global mainframe by 2021. All of these devices will be operating in different countries, on different networks, to varying degrees of safety, and with incredibly varied levels of integrity among the users themselves. The fact I always want to stress when we discuss cybersecurity problems is that any device, on any network, is only as safe as the least protected device connected to it. Think about that for a second. In your office right now how many devices are connected to the network? Think about everything from computers, phones, smart watches, and printers. There’s a wink link in there somewhere and hackers are just waiting to find it.
The question is, then, are we ready to slow down enough to consider the implications of that reality? Or, would we rather press ahead with moving faster and breaking more things just to prove we can be first to product on the next big tech disruption?
I’ve Got 99 Problems—and Physical Storage Isn’t One
Do you remember Iron Mountain? For those of us who still remember life before digitization, we can remember the Iron Mountain truck coming to our work offices to grab all of the sensitive paper records and files our company needed to keep safe. As far as I know, there’s never been a breach of a physical Iron Mountain facility. In fact, their goal—to keep documents for as long as you have to, and to destroy them as soon as you can—is something the tech industry should heed more faithfully. From where I’m standing, it’s a far greater adage than moving fast and breaking things, especially in this digital age.
Am I clamoring for the old-fashioned? No. Iron Mountain is a company that thrives even today, although its business model has changed a bit. What I do think is that the tech industry needs to be just as open about gleaning insights and lessons from those who came before them as they are about sharing their own rules of success with others. Yes, tech is the great disruptor. But it can also be the great destroyer if we aren’t careful.
Slow Down and Stop Breaking Things
Okay, it’s not the most original alternative motto. But when it comes to cybersecurity problems, slowing down is the most essential step in getting a handle on the potential ramifications of unsecure networks moving forward in the digital age. That means slowing down long enough to consider the following:
What are the ramifications of this tech advancement? Perform a SWOT analysis! Before starting any major project, we’d take time to map out over strength, weakness, opportunity, and—wait for it—THREAT. High-tech today needs to be doing the exact same thing, with an emphasis on cybersecurity problems. Rather than sending devices and apps into the connected ecosystem willy-nilly, we need to fully understand what could happen when we do. How many people could be impacted? How many companies? What are the financial losses that could be sustained? What about losses to brand/image? In other words: do we really understand the implications of what we are creating here? These questions, if well researched, should be enough to slow down time-to-market and eventually stop breaking so many things.
This should be performed both at the development stage in every company AND the adoption stage. Companies creating products have a responsibility to their customers to ensure safety and they can’t do that if they don’t fully take everything into account. On the other end of the spectrum, CIOs, CTOs, and anyone responsible for buying and adopting new tech in your business needs to perform the same sort of analysis. Don’t just buy tech for tech’s sake.
How long will the connection last, and how will I keep it working correctly? Okay, we’ve got a new device or app ready for distribution. But what’s the exit strategy? How long will we be connected? How do we stop the connection when we’re finished needing it? After all, as we learned from Iron Mountain, the connection should be open ONLY AS LONG AS NEEDED. This is true for all connections, be it connections we open to pull data from customers or connections we open on our online dating profile. No matter how great the connection is, we need an end game. At the end of the day, all data is a liability.
If a failure occurs, how will I fix it? I don’t just mean creating a customer service line. I mean, now what? A breach occurs—the data is out. How do you retrieve it? How do you make it up to your customers? How does that breach rumble through the greater tech industry, and how do you limit the ripples it makes? This is called foresight, and it’s something we’re seeing very little of the faster companies work to get their tech creations into the global digital ecosystem.
Are we being smart? In other words, are we gathering only the data we need, no more no less? Do we have clear and precise rules for destroying the data as soon as we’re done with it? Have we taken time to consider the ramifications on every family, individual, company, and country? Truly, being smart means slowing down long enough to look at technology from every single possible angle. That is part of our responsibility as technologists.
I realize: in today’s marketplace it is hugely tempting to move at the speed of change. I talk a lot about agility and the need to move fast when the market changes. But agility is not willy nilly, and tech advancement should not be either. Truly, rate of adoption is not the root of cybersecurity problems today. It’s the high-tech industry’s willingness to actively push for faster adoption before their own tech is fully optimized.
The original version of this article was first published on Forbes.