First (Really Late) Night at SXSW

It’s 3:30 in the morning and I’m walking around the Army Applications Laboratory offices in Austin, Texas, getting a tour from my new friend, Daniel. I met Daniel a couple of hours earlier at a lovely drinking establishment on the infamous 6^th Street in Austin on the opening night of SXSW. 

I was there to spend time with colleagues in the Entrepreneurs Organization (EO). We gather often to help each other continue to grow personally and professionally. On this trip, I was hoping to get some help from my peers on growing Avalon’s cybersecurity service offerings.

But, back to Daniel. Our conversation started with a discussion of how SXSW, famously originating as a music festival for unsigned talent, has drastically evolved over time to be a hotbed of tech launches. The conversation quickly digressed into a heated debate about emerging technology and, before we knew it, we were ushered out the door as the bar closed. 

At SXSW

It wasn’t surprising, given the late night before, that I woke up about a half hour before the Malcolm Gladwell session at SXSW. I appreciate Gladwell as one of those minds who thinks a bit differently, provides us with thought-provoking questions, and offers a unique perspective. (If you’ve ever read any of his books, such as Outliers, The Tipping Point, or Bounce, you know what I’m talking about.)

Gladwell was on a panel with Chris Urmson, a pioneer in self-driving technology—and their topic was self-driving cars. I wasn’t particularly interested in the subject, but luckily, the conversation quickly turned to a much broader, more relevant topic. 

Urmson was sharing some surprising statistics. For example, 30% of all traffic is people just looking for parking and, in some cities, this number jumps to 70%. Another stat: There are nearly 40,000 deaths per year in the U.S. (over a million worldwide) resulting from car accidents. We don’t hear much about those stats, Urmson said, but if there are a couple accidents involving self-driving cars, the media has a field day.

This is what caught my attention, since this is a challenge often faced by new technology: The way the media covers it and the impact that coverage has on our perceptions of technology. (In regard to self-driving cars, despite the media’s “opinion” on this subject, the experts are fairly aligned in their beliefs that the number of annual deaths can and will drastically drop with the adoption of self-driving technology.)  

Gladwell then pushes the conversation to security. “What if the cars get hacked?” he asks. Sure, this could expose some people to a dangerous situation, but what happens when we raise the stakes? For example, he says, the Department of Defense is interested in this technology. Imagine how high the stakes will be when they are using self-driving vehicles to transport nuclear-tipped missiles? Do we trust that the world will modify the effort put into security-based solutions on the true impact of a security incident? Urmson believes we do and will; Gladwell disagrees.  

Gladwell continues: “It’s not encouraging to be launching a massive social revolution at a time when fundamental questions of cybersecurity are left unanswered.” There are technologies being developed today that will absolutely change the world we live in. The speed of change is exponentially fast as these technologies become accessible enough for small to mid-sized businesses to adopt, and for the average-income consumer to purchase. Along with that accessibility comes vulnerability. Today, I think many would agree, these vulnerabilities are not being considered or are being flat-out ignored by the businesses and consumers that will be widely implementing them.

During the discussion, Urmson says that the world is building amazing new technology, but simultaneously introducing multiple new points of vulnerability. What is our duty in relation to this? Urmson points out that this is a connected-world problem, not just a self-driving car problem – and I tend to agree. 

My Lightbulb Moment

A connected world problem…that had me thinking about other past and recent technologies, for example: 

• Email: While this has been a part of the world for a while now, we have yet to find ways to protect ourselves from the vulnerability that email introduced. Of the entire hacking landscape, email compromises make up  90% of all breaches. 
• Health portals: These are convenient and helpful, but what risks have they introduced? What if our health records, and the wealth of personal information they hold – SSN, date of birth, city of birth, parents’ names, etc. – are leaked?  
• Online tax filings: Who doesn’t like saving the time and hassle of filing taxes online? But who thinks about the risks of these systems being compromised? 
• Apps: My current favorites are the Starbucks app to order my coffee, the Hilton app to check into my hotel room, and Alexa to order household goods without logging into a computer. But these smaller scale technologies are also putting us at risk. 

We must start thinking about how to protect ourselves from these new vulnerabilities as we introduce this exciting, new technology. 

So, let me ask you this: What sort of technology are you thinking of rolling out in your company? What do you need to do to stay relevant in your industry and what vulnerabilities might you be introducing to your business as a result? 

Back Home: Reflections on cybersecurity pros and the industry

After returning from SXSW, I was talking with our partners Brian Haugli and Taylor Lehmann at SideChannel Security about the massive increase in cyberattacks this year and, more specifically, the lack of response by the organizations that have been affected.

Brian and Taylor made a fantastic point about the importance of protecting critical business systems: There is a deep need to consider the humanitarian response to inaction.

For example, Brian says: If a doctor’s office is hacked, are the owners worried about the business? Yes, of course. Are they also worried about the people who need those services to survive? I hope so, but what if they’re not thinking beyond the impact to their business? What happens if someone needs emergency medical treatment but is unable to contact their doctor or access their medical records because the network has been compromised and locked with ransomware?  

It's time we all start asking questions like: 

• Who needs our services? What is that impact if they are not able to access our services? 
• Do our teams need us? If our business closes (like many small businesses do after a breach), what happens to them? 
• Our families and our teams’ families—do they need us too? 

These are the realities of staying relevant in business – and this is why the cybersecurity industry is so important. The professionals in this industry are working to protect us from vulnerabilities and are doing so at the same time that technology is moving faster than ever.

Everyone on the Avalon Cyber team and everyone I’ve met in the industry is just as passionate about what they do as they are about collaboration. That’s why they speak at events with their peers, organize events, and promote open source solutions. They know we need security processes technology that can be adopted more easily. And they want to leverage their pool of knowledge to improve security so that it will match the speed of the technology being adopted. 

Cybersecurity professionals are doing difficult, challenging, and evolving work. We all have an obligation to protect the world as it changes. And as business owners, we have an obligation – to those who rely on our services, to our teams, to our families, to the world – to think holistically and support these professionals and this industry because they are the heroes of today. They are fighting the bad guys and are working to keep us free from danger as technology marches on. I firmly believe that they are the ones who will save the world.  

So, while I enjoyed my time at SXSW and reflecting on everything I learned there, I’m hoping that, in the future, rather than lying awake at night agonizing over the new threats in our connected world, I can spend more of my evenings meeting fascinating, new friends in extraordinary cities across the U.S. and around the globe.