Like many companies, national agencies are – with tremendous capabilities and resources, as well as broad legal coverage and tolerance – accumulating user-generated data, applying algorithms, and condensing it into information. The difference is that agencies are searching for terrorists. By contrast, big digital services providers are taking the information to improve their business models and to target customers ever more precisely.
It isn’t easy to address cyber threats without setting off a cascade of potential undesirable results. Technological progress and related data mining will not stop. Therefore, our capabilities to cope with cyber threats and to adjust to new rules must be integrated into our social knowledge. In the long term,the handling of data needs to become an important part of our society’s education.
More immediately, companies need to make cyber risk evaluation and mitigation a higher priority not only for their own benefit, but also for the sake of their customers. Banks need to protect their systems and secure their networks and data against unauthorized access and phishing. Energy companies must safeguard their grids from blackouts induced by cyber attacks and protect smart-meter client data so that it cannot be used against their customers.Even car manufacturers must grapple with the new reality. As their cars become more“connected” and “intelligent,” they are more at risk of hostile takeover if these interfaces are not sufficiently protected.
