As cyber security threats continue to escalate, McAfee’s CEO urged the mobile industry to take security far more seriously by making it a quality-control metric – and they can start by learning a lesson from Toyota’s management philosophy.
During his keynote slot at Mobile World Congress 2018 in Barcelona Tuesday, McAfee CEO Christopher Young offered a grim outlook at the threat vectors facing mobile, which have multiplied exponentially since the early days of smartphones when Apple launched its App Store in 2008. Back then, he explained, the problem was relatively manageable because Apple had centralized control over the store platform and the device OS, and carefully vetted apps for quality and potential security flaws.
That’s no longer the case in 2018 where most phones run Android and the IoT ecosystem comprising billions of devices is vast, decentralized and notoriously insecure. McAfee now sees 600,000 new unique threats per day across 300 million mobile devices, said Young. And threats are morphing and changing to circumvent existing defenses.
“The complexity and scale of attacks are increasing, and more importantly they aren’t going away,” he said. For example, the 2016 Mirai botnet that attacked and crippled Dyn’s DNS servers for a couple of hours may have faded from the headlines, but it’s still out there and according to Young, it attacks a device every six minutes.
Now that bad actors have figured out they can weaponize IoT devices by recruiting them into botnets, “the Internet of Things has many Mirais in its future,” Young said.
Young called on everyone in the mobile ecosystem to take cyber security seriously and implement security by design rather than as an afterthought. But that’s not a new idea, and it’s a best practice that must be embedded in corporate philosophy, not simply a directive from the company’s chief security office.
To that end, Young suggested the industry take a page from the playbook of Tatsuro Toyoda – the son of Toyota Motor Corp creator Kiichiro Toyoda – who brought the Japanese “andon” style of car manufacturing to the US that emphasized quality over quantity, and made it everyone’s job to ensure that quality. Toyota’s “stop the line” philosophy enabled anyone on the auto assembly line to stop everything if they spotted a quality problem with a given car or car part.
“I’m asking you to make cyber security your new quality movement,” Young told the MWC audience. “Embrace the same management philosophy where every employee is encouraged to ‘stop the line’ when they see a potential security issue being introduced.”
Young also emphasized that the whole industry needs to embrace this concept, not just some companies. “The job of cyber security is never done, and no single company or product can secure everything. We need to make cyber security the new quality metric of our time.”