Given that the goal of most attacks is to gain access to our critical customer, intellectual property, financial or personal data, and that firms large and small and governments have been hit, you’d think everyone and their brother would have some form of robust permission/access management service or product in place to protect aggressively against this kind of attack. But nope, this is still more of an exception than a rule, even though a breach like this could cost a CEO his or her job. There aren’t a lot of CIOs who survive getting their CEO fired.
Putting data acquisition before analysis
One of the most annoying things to watch this year was the post-analysis of the San Bernardino attack. It turned out that much of what law enforcement needed to prevent the attack was on social media and not protected. Yet instead of focusing on doing more with what it legally has access to, the U.S. government focused on collecting more information. This, unfortunately, is far from uncommon, because big data as a concept got well ahead of intelligent, timely analysis.
Here’s a thought: before you spend massive amounts of money collecting more data, why not spend a little on better analyzing what you already have? The group that collects the most data doesn’t win; the group that makes the most informed decisions wins -- this is true for business as well as government. Most firms would be far more successful if they focused more on quality results and less on capturing more data.
IoT is stupid
Here is why we aren’t secure enough and we are in a cyberwar. If you can’t adequately secure what you currently have, why the heck would you connect a whole bunch of critical systems to the Web? This just seems like we are asking for an apocalyptic end. Security needs to come first, and yet, as we saw with the Chrysler hack, we are still connecting things more effectively than we are securing them.
Can you imagine what would happen if, say, a million self-driving cars successfully received the command to suddenly turn? We’d be raining cars off the Golden Gate Bridge; 9/11 would look almost insignificant by comparison. Rather than connecting stuff directly to the network, maybe consider connecting it to a secure hub instead?
Rethink executive compensation
From golden parachutes in the tens of millions to bumping someone up 10x or more in full compensation for a promotion, it shouldn’t have taken Martin Shkreli (the problematic now ex-CEO of Turing Pharmaceuticals) to point out that excessive compensation leads to stupid behavior. These mammoth sums of money become huge distractions and often lead to really bad behavior.