James Lamond:
In Promoting Cybersecurity, Everyone Has A Role

This op-ed was originally published in Forbes.

Technology today is changing at a near-breakneck pace. There are exciting new developments constantly taking place, with the potential to improve lives and tackle some of the biggest challenges we face. But bad actors are also innovating and thinking of new ways to exploit an increasingly connected world. In this new environment, everyone has a responsibility to help protect the security, safety and privacy of users.

The potential for major technological breakthroughs that can improve people’s lives is vast and includes such wide-ranging uses as tackling global issues like climate change, developing lifesaving medical discoveries and even just convenient improvements to everyday life.

This potential is particularly true for connected technologies, which are increasingly becoming the center of digital activity. Smartphones are now the primary means by which people access the internet, with the majority of web traffic taking place on mobile phones. The statistics are jaw-dropping: Americans spend over five hours on their mobile phones each day, there will soon be over 311 million smartphone users in America, and people check their phones up to 58 times daily.

As people increasingly use smartphones, they are also using it for more purposes. Today, smartphones and other connected technologies such as tablets, smartwatches and wearables are used for a multitude of activities, including banking, monitoring exercise/healthcare statistics, dating, e-visiting a doctor, ordering a car, and more. With exciting advancements in areas like generative artificial intelligence (AI), electrical and autonomous vehicles, and virtual/augmented reality, the number of uses for connected technology is only growing.

But just as people, researchers and inventors are continuing to innovate, so too are bad actors. Nearly every day we learn about a cyber intrusion or creative way that either criminal organizations or state actors are exploiting vulnerabilities. Just last month, researchers discovered a cheap streaming device that came with secretly installed malware right out of the box, which then served as a node in an organized crime scheme. The Center for Strategic and International Studies (CSIS) tracks significant cyber events and found that in September alone (the last full month where data is available), there were significant cyber events from Iranian-, Russian- and Chinese-sponsored hackers, and even an incident of Indian hacktivists targeting official Canadian websites in response to a dispute between the two countries’ governments.

How do we overcome this challenge and ensure that as we use connected devices for more new activities—often collecting sensitive or personal data—that the devices, software and networks are kept secure?

As with any issue of this scale and importance, overcoming the challenge requires every sector—private, government, civil society and the public—to perform its role.

For businesses, it should be an easy case. Companies that are operating within the digital ecosystem (which is most companies these days) have both the responsibility and the opportunity to practice trustworthy behaviors such as employing robust security measures and transparent privacy policies. It is a responsibility because their customers may be sharing some of their most personal data with these companies, and it should be incumbent on them to keep that data safe and secure.

It is an opportunity because it’s also good business. A survey performed last year by McKinsey & Co. found that “Organizations that are best positioned to build digital trust are also more likely than others to see annual growth rates of at least 10% on their top and bottom lines.” In fact, 85% of respondents say that knowing a company’s data privacy policies is important before making a purchase, and many consumers will even consider switching brands when a company’s data practices are unclear.

Users of technology can also take important steps at the technical level to help protect privacy and ensure security. This includes measures such as adopting multifactor authentication (MFA), only downloading from trusted sources, and keeping software up to date.

But there are also important economic decisions that can impact network and device security. For example, as discussed above, cheap streaming devices were infected with pre-installed software that allowed criminals to operate on user networks, demonstrating the importance of making purchases only from trusted companies. If a deal seems too good to be true, it just might be.

Governments have a difficult task governing a rapidly changing industry. Technology is simply moving faster than the legislative process does. So legislators and regulators will need to keep a certain degree of flexibility in their processes and continually reassess.

The recent decision by the European Union to commission a technical study to assess and map the security concerns stemming from certain provisions of the newly enacted Digital Markets Act (DMA) is instructive. The DMA is a vast new law that governs much of the digital economy and will have a profound impact. The forthcoming technical analysis highlights the need to constantly reevaluate a rapidly changing environment.

But in order for this to work, it will require a comprehensive and thorough technical analysis of the very real and critical security, privacy and safety implications of the DMA, including recommendations for how to mitigate unintended consequences.

Moving forward, other countries considering DMA-style legislation should consider performing such an assessment at the front end of the process, as the legislation is being drafted or considered, rather than after the law has already passed. This would make for a more efficient, streamlined and secure process.

Civil society should also continue to advocate for issues that are important to its work. An important effort has emerged to help protect the use of end-to-end encryption. As analysts at the ACLU recently argued, this technology “not only protects individuals from cyberattacks but also empowers citizens to communicate freely without fear of surveillance, censorship, and warrantless searches.” Such voices are important to consider when evaluating the security, privacy and safety implications of technology policies.

Ensuring that we keep our digital ecosystem secure, private and trusted is not a simple task. But if we all play our role, we can help build a more trusted future together.

James Lamond is the Executive Director of Trusted Future, a Washington-based think tank focused on technology policy.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.