Freedom and Security
For most Americans, it took the catastrophe of 9/11 to awaken them from their false sense of freedom and security. Unfortunately, we now know that there were many signs of the impending catastrophe along the way; we just chose to ignore them. My question today: How many more signs do we need before we start to take the issue of data security seriously, and I mean really seriously.
In the past few months, and on a nearly bi-weekly basis, we have learned of incredible breaches in data security at some of our most storied corporations and stewards of critical personal and financial data. Experian, Citibank, and Sony are but a few of the companies whose networks and servers were hacked and who are now paying the price. Not only is it costing them many tens of millions of dollars to repair the breaches and shore up their systems, they have experienced dramatic losses in customer and market confidence.
But given the size, scale and scope of these breaches, I believe the problem extends beyond a few of the headline-catching incidents. I can’t help but feel that there is a loud warning to be heard. A warning not dissimilar in nature to those that preceded the events of 9/11.
The warning I hear goes something like this:
“Hey America. Yes you. You tech-wielding, internet-loving, ecommerce-mad nation. You crazy kids that love doing everything on line and telling your friends about it the second it happens. Well, you and your children aren’t anywhere near as safe as you think. Bands of hackers assemble and disassemble on the web to take down nearly any target they wish. Visa, Paypal, US government offices, nothing is impenetrable. And along the way, your personal data is collateral damage. Your personal data is nothing more than electronic blood diamonds used to pay for the agenda-driven mischief making of the nameless and faceless Internet bandits and warlords.
And you corporate folk out there, you guys and gals that have staked your professional lives and livelihood on the expectation that there will be a secure free flow of bits across the web, you have got to be kidding me. Whatever security processes you have in place, clearly they are not enough. And while you may not be able to fend off a massive attack, you can at least make sure you are doing everything possible to minimize the damage when the attack does come. Because from what we are seeing on a pretty regular basis is that more attacks are on their way.”
OK, enough high-brow philosophy. Net, net what am I trying to say.
Now is the time to make the case for that data security project that has been sitting on the back burner. Now is the time to highlight to your senior executive committee the unique dangers your company faces. Now is the time to confess all of your data security weaknesses and to put together the very best plan to fix them.
Why do I say that now is the time? First and foremost because it is! Second, and unfortunately more importantly, because there has never been a time when CEOs around the world are more scared of what can happen to their businesses as the result of a data security breach. And as the saying goes: strike while the iron is hot. And there is no better time to sell a man an insurance policy than shortly after his best friend suddenly dies. All of which brings me to my key point: Go dust off that data security initiative and make it your crowning achievement for 2011 – 2012. Who knows, there may even be some genuine competitive advantage to be had in data security.
And at the risk of being thought of as too political on this day of national pride, let me suggest that the 4th of July remind you that freedom ain’t free. Whether it’s to protect our nation or our data, we have to be willing to secure ourselves as best we can.
