You Cannot Win at Cybersecurity - But Could Make Good Money By Choosing Not To Play
Firstly, startups are innovating faster and more effectively than ever. Secondly, new technologies are increasingly enabling this kind of inexpensive, early-stage competition while simultaneously accelerating their own evolution. And, lastly, we are in an environment in which cybercrime is lucrative, global, and increasingly lauded. The result is that anyone defending intellectual property is facing a battle of Sisyphean proportions. Fortunately, the very environment which is forcing the issue of said IP’s value provides an out - by giving it away.
Cybercrime has been exploding across every vertical, every business, and every geography. There are a variety of reasons for this, from growing complexity to a booming market for attacks and stolen IP. Two of Medstar's Baltimore hospitals were hit by Ransomware. Spear phishers tricked Mattel into transferring $3M to a Chinese bank. One bank lost $81 million when hackers pwned its internet routers. These are just recent incidents, but check your news feed today and you're sure to see others. As an example, witness the recent closure of a significant portion of the popular internet by the Mirai malware, which operated by focusing on consumer electronics - the burgeoning Internet of Things. What's more, these attacks are only the ones that are reported: as any good criminal will tell you, it's not the attacks you know about that you should be most worried about.
Cybercrime is on the rise, but what attacks are we not aware of?
At the same time, there are strong cultural reasons why cybercrime, and IP theft in particular, are growing in popularity. From the early days of Anonymous attacking the Church of Scientology, to the leaks by Chelsea Manning and then Edward Snowden, to the more recent explosion of the Panama Papers, public awareness that hackers can liberate documents of public interest has exploded, and continues to explode. At the same time, more and more mature markets for selling and sharing said data are evolving, in many cases abetted by pseudo-anonymous payments systems such as Bitcoin.
There's an alternative to engaging in this arms race, however. Instead of hoping to out-compete Russia in cyberdefense, for example, or watching as your ever-increasing ability to hoard data skyrockets your defence spending, you can just give much of it away.
Organisations such as Wikileaks and Anonymous are exposing more information that is deemed of public interest
Open data programs in which IP is shared with partner companies, consumers and new potential markets abound. Simultaneously, consumers expect now more than ever that you *will* share your data, and if you're not you've got something bad to hide. Perhaps even more importantly, if you're not sharing your data to develop new markets in conjunction with those savvy new startups, you're putting yourself at the back of the line, because somebody else surely is. That's how market dominance is increasingly won - through innovation - which simply doesn't happen as prolifically in the privacy of your own data centre.
The difficulty with all this, of course, is in figuring out what to share and what to keep private. At present, most companies have responded to the concept of Big Data by storing everything and presuming it's mission critical. There is an upside to this, in that it means you've got a well-developed platform for engaging partners, consumers, and third party markets. But there's not typically a lot more to it - ask any data scientist worth their salt what data you should collect and they'll ask you what question you're trying to answer with it. If you don't know that, you're collecting data for no reason, and often that means you've got data you can share.
Businesses must decide which data to share to reduce risk
Put another way, deciding what to share in order to reduce your security risk and improve your innovation odds is markedly simple. Just decide what is really worth spending scant resources to defend as measured against the potential upside of sharing the data to create new partnerships, markets, and product … and then default to sharing the rest.