Digital Convenience Threatens Cybersecurity

This period in digital services is exhilarating — and also terrifying. Connecting extensive and varied data sources, networks, and machine-learning models enables intimately interlinked service offerings, allowing people to pay bills, access health care, and even cross borders using the technology of their choice.

Seamless connectivity dramatically increases convenience. Yet it also increases the number of potential attack entry points — such as application programming interfaces and third-party services — significantly raising the threat of cyberattacks that put personal data at risk. In turn, the exploding volume and concentration of personal data stemming from greater automation and personalization of products and services magnifies the consequences of an attack.

Hackers in the past might have been limited to dimming the lights in someone else’s house through a smart-home device, but today’s cyberintruders can crank up the heat, play music, even speak to residents through devices’ security cameras. By simply pointing a laser through a window, hackers can commandeer virtual assistants, potentially accessing personal digital accounts, credit cards, and even connected medical devices, researchers recently found.

Future digital exposure is expected to expand even further. Automated voice assistants will arrange date nights, business appointments, purchases, and vacations. Once these services collect enough information about a consumer’s preferences, they’ll offer suggestions and anticipate users’ needs. Voice assistants have already come under attack, but they’ll be even more dangerous where they hold sensitive financial, medical, or biometric data, enabling potentially devastating damage from breaches.

Digital services providers will need to assess whether the additional convenience provided by ever-smarter devices is worth the cybersecurity damage risk. Here’s how to improve the cyber resilience of the increasingly popular, increasingly broad range of seamless digital services.

Employ a Data Liability Lens

Unshared data cannot be bought, sold, shared, or hacked, but any data shared is a liability for its owner and the provider holding it. Consumers should limit the amount of personal data they share with services or on social media accounts, where they can choose to post full names, birth dates, and addresses. When social media is linked with other online services, information can spread fast — and malicious actors can use such basic information to find further data to access bank accounts, credit cards, loans, investment products, and even pensions.

As any customer-acquired data is potentially vulnerable, the most effective risk reduction strategy is simple: Collect less data.