The big tech giants are currently at a crossroads. Over the next few years, both the public and regulators will continue to demonstrate concern that the dominance of a few big players is not healthy for either society or business. This will result in the forced break up of one or more of the big tech giants, significantly disrupting organizations that are dependent on them. Product and service offerings will be fractured and organizations will scramble to sustain operating models.
If big tech giants are forced to change, so will business. Organizations will need to find new vendors for a range of products and services, potentially having to use the services of unproven companies located in areas of the world with divergent regulatory approaches. There will be a period of significant turbulence in IT operations. Hundreds of systems will need to be replaced, with terabytes of data repatriated and thousands of contracts renegotiated, fracturing long-term IT strategies.
During this time of intense change, information security will be stretched to its limit. New and existing services will need to be assessed, as business continuity and recovery processes need to be revised and data needs to be transferred in a timely, secure manner. Meanwhile, amid this period of turbulence, malicious actors will seek out and prey on vulnerable, transitioning organizations.
What is the justification for this threat?
Between them, the big tech giants – Alphabet (parent organization of Google), Amazon, Apple, Facebook and Microsoft – are some of the most powerful companies in the world and dominate sectors such as online commerce, social media, search engines, mobile operating systems, streaming and cloud services; all areas on which organizations are dependent. In many cases, organizations are critically dependent on one or more of the big tech giants to provide their services and products. If a break up of one of the big tech giants happens there would be significant disruption to basic services that businesses take for granted. The entire IT landscape would change, as organizations are forced to disentangle business functionality from a single ecosystem into a complex and distributed nexus of smaller providers. They would also need to fund previously free or inclusive services and retrieve and repatriate terabytes of data.
Public and government opinion of big tech firms has been negatively impacted by some high-profile scandals. In December 2018, it was reported that Facebook allowed other high-profile tech companies to access personal data on its platform by reading user messages. Facebook was also hit by the Cambridge Analytica scandal reported in early 2018, and Google was hit by a large European antitrust fine.
Calls for a break up of one or more of these big tech giants are getting louder, owing to their significant power and influence over business, politics and society, as well as their sheer dominance over industries. Many commentators draw comparison with the power and influence of Standard Oil in the early 20th Century, before it was broken up by regulators. This break up led to a period of significant turbulence for dependent businesses, as well as a reshuffling of many supply chains. The chair of America’s Federal Trade Commission and the European Commissioner for Competition signaled in late 2018 that legal changes aimed at correcting market distortions were being crafted on both sides of the Atlantic, suggesting a break up of one or more of the big tech giants may be imminent.
How should you prepare?
Calls for the breakup of big technology giants will reach their peak by 2021. By then, at least one will be broken up, significantly disrupting the availability of the products and services they provide to dependent organizations. From email to search engines, advertising, logistics and delivery, the entire operating environment will change. Malicious actors will also prey upon vulnerable, transitioning organizations.
Moving forward, organizations should evaluate overall dependencies on the big tech giants. This will ensure that if one of them is broken up, potential risk can be mitigated. Actions that can be taken now include reviewing and improving processes for managing technical vulnerabilities to include vulnerability scanning, remediation and patch management systems. Organizations should also carry out more targeted and detailed penetration testing. In the longer term, vendors should invest in secure coding practices, increase threat intelligence activities in conjunction with threat hunting to move from a reactive to a proactive stance, implement a cyber resilience program and ensure that zero-day vulnerabilities are a tested scenario during a cyber security exercise.