Web 2.0: Balancing Opportunity and Risk
It’s been almost 20 years since Tim Berners-Lee developed the World Wide Web, and it’s now impossible to imagine our world without it. The Web has changed both our personal and professional lives in ways we never could have imagined when it was announced as a public service in 1991.
Unfortunately, the benefits the Web has brought us have come with a price: threats to our privacy, our personal and business information, our economy and even our government. As more people share information and conduct business over the Web—and join social networking sites such as Facebook, LinkedIn and Twitter—these threats continue to grow in scope and frequency. Today, cyber-threats represent an ever-present danger to our way of life.
That was made abundantly clear at the recent International Conference on Cyber Security (ICCS), hosted by the FBI and Fordham University. At that event, more than 1,200 professionals from 50 countries traveled to New York City to gather information about combating this plague. (See “We’re All Cyber-Warriors” at tinyurl.com/28tb6dy.)
In the conference’s keynote address, Howard Schmidt, White House cybersecurity coordinator and special assistant to the president, pointed out that the world's economy depends on the Internet, noting that $10 trillion in business was conducted over the Net last year—a number he expects to double in the next decade. So it's critical, Schmidt added, for public and private organizations to work together to fight cyber-threats.
Schmidt recommended ratcheting up the fight against cyber-crimes by increasing law enforcement and intelligence capabilities; establishing stronger deterrents, such as longer prison sentences for offenders; building more resilient networks with better backups; floating critical information around a network so it’s a harder target; and cleaning up government networks to reduce access points to the Web, thereby making it easier to monitor and identify malicious traffic.
Of course, Schmidt is not alone in his belief that cyber-security is a responsibility that must be shared. Another ICCS presenter, Rich Baich, principal of security and privacy at Deloitte & Touche, stressed the importance of presenting a united front. “We need to eliminate silos and share information to mitigate risk,” he said. “Technology is an enabler of security, but organizational structure and collaboration among all the stakeholders are equally important.
“To provide adequate defenses against cyber-criminals, organizations need to follow a three-step process: know where their information is, know how to get it and know how to use it to make good decisions. Making your information actionable is essential.”
In “Weaving a Web 2.0 Security Strategy,” contributing writer Samuel Greengard offers additional guidance for dealing with cyber-threats in a way that doesn’t hamper business. The experts he interviewed offered this advice: Develop a holistic strategy for dealing with security challenges; test systems prior to deployment and monitor them continuously; ask for advice from all departments within the enterprise; educate employees about their role in fighting cyber-threats; and put protections in place at the programming level.
“The key to success,” Sam wrote, “is to balance security requirements with business needs. … Shutting down social networking sites, cutting off access to blogs and wikis, and limiting a variety of other interactive services and capabilities will probably prove counterproductive.”
We obviously can’t go back to pre-Web days—and we wouldn’t want to even if we could. The Web is here to stay—and so are cyber-threats. So we have to deal with those threats in a realistic way. As Sam pointed out, it would be counterproductive to ban employees from using social networking sites. And companies can’t monitor every e-mail, IM and tweet sent out by their employees.
But that doesn’t mean managers have to resign themselves to data breaches, stolen intellectual property, lost customers or employees who leak confidential information on Facebook. Instead, they need to develop realistic policies and guidelines for employees, partners and customers. And they must educate employees about online dangers and their role in keeping information and networks safe.
If we’re going to win the war against cyber-threats, we all have to fight to make the Web a safer place.