Now that the Internet is an integral part of our lives, it’s easy to forget that 15 years ago it didn’t even exist, at least for most people. In fact, the Internet has been around for more than 45 years, with the original iteration functioning as a way for scientists and scholars to send messages to one another.
So, how did the Internet grow from its academic origins to become the indispensable global tool we know today? Many would say its rise was due to the creation of the World Wide Web or the speed of data transmission that made the Internet accessible to billions of users.
I would argue that it comes down to another — equally important, if less visible — development: security. Information security is necessary to maintain privacy, authentication, integrity and availability. Without it, all business communication, from small credit card purchases to trillion-dollar transactions, stops. Our personal lives, too, would be hugely disrupted if our data could not be protected.
Today, the web is changing faster than ever before: wirelessly connected to a vast, invisible network, the number of Internet-enabled mobile phones in the world is roughly the same as the total global population. Already, cars and televisions are being manufactured with inbuilt Internet capabilities, and in the coming year we will see a plethora of “smart” refrigerators, toasters, heaters and air conditioners. In a very short time there may be more appliances online than computers.
The problem is not in expanding the scope of the basic technology itself, but in doing so haphazardly. My concern is that although security is the key enabling technology of the last two decades of Internet growth, its vital role is still not recognized, and so it is not being designed into products and systems from the ground up. Security is being added on carelessly, an afterthought rather than a design priority. This is not merely poor planning; it is a recipe for disaster.
In this sense, Internet security is already in terrible shape. I know that may sound alarmist, but the truth is pretty alarming: the hacking of individuals, companies and governments has become a constant stream. There is a saying in the business world that there are only two types of companies: those that have been hacked and those that don’t know they’ve been hacked. Despite this, many large organizations still treat cybersecurity as a lower-level priority, a cost item to be minimized wherever possible. It’s fair to say that companies invest more time and effort in designing their environmentally friendly buildings than in shielding their information-technology networks.
The result has been case after case of infiltration, information theft and even physical damage. For legal reasons, many companies will not disclose that they have been attacked, which serves to lessen the overall perception of risk. In reality, however, we have seen violations of intellectual property of all kinds, from sensitive government data to the personal data of retail customers, and the blackmailing of a major Hollywood film studio. In my view, the theft of almost a dozen terabytes of data from Sony Pictures is not as alarming as the ease with which the hackers broke in and carried away the data without anyone noticing.
The truth is, there are thousands of companies just like Sony Pictures — respectable, serious organizations that bought some off-the-shelf IT security package or hired some computer-savvy consultant to manage their online security. It’s safe to say we will see more hacks at least as serious as Sony’s. And the risk is not only a matter of losing information: companies risk loss of reputation, loss of productivity, loss of employee morale and, of course, lawsuits from shareholders and business partners. Widespread corporate hacking will dramatically affect the business environment in the coming years.
We need to re-examine Internet security immediately, before things get any worse. Specifically, we need to conduct a truly multistakeholder discussion that can coordinate the public and private sectors at an unprecedented scale. This will require the cooperation of some organizations that have not previously collaborated in addressing global issues. For obvious reasons, I believe there is no better platform to carry out this daunting task than the World Economic Forum.
If we do not deal with this problem, the risks are enormous. First businesses and then the public will lose faith in everything they see on their screens, and the Internet will cease to function as perhaps the most useful tool ever created.