The third principle of digital transformation
Modern organizations operate on two principles of digital transformation:
Everything that could be made to connect to the internet (including both products and services) should be connected to the internet.
All accessible data may prove useful/valuable and should be collected and stored.
There appears to be little debate about the negative consequences of these two principles. They are assumed to be beyond refute.
Organizations forget there is a third principle of digital transformation:
Everything can, and eventually will, be hacked.
All organizations need to start with the third principle of digital transformation as they consider how they do business in the future.
Data collection and storage
No data should be collected and stored unless absolutely necessary. And there should be strenuous debate regarding the meaning of the word necessary. When it is determined that data collection is absolutely necessary, organizations should focus less on attempting to secure that data and instead focus on minimizing the impact of the data theft that will eventually happen. How can data be obscured and anonymized so it cannot be a threat?
Internet Connectivity
Not every device needs to be connected to the internet. Not every service improves when turned into an app. Organizations should follow a strict process to evaluate the benefit and risk of connecting anything to the internet. They need to do a better job of understanding the risks before they connect anything to the internet. when the determination is made that the device or service should be connected to the internet, organizations should have a process for reducing the impact of a hack that turns devices into a bot net and/or a launching point for an attack on the organization itself.