Jul 29, 2015
Had the urge to complain on LinkedIn about the terrible state of information security… it went like this…
The other week I mentioned that I was amazed by the pace of technology. It’s true. The pictures of Pluto that are coming in, the fact that we need to have a serious conversation about AI military weapons, all of it is just, well, wow.
However there is this other thing I am totally and completely amazed about. It’s information security. I could go big on this and talk forever but I’ll do my best to summarize and get to the point quickly.
So as you know, for us to be happy, there’s the list. (This list I borrowed and marked up from this article over here.)
Ok- can’t help myself- quick detour…. Notice in the middle of the pyramid is security. I’ll come back to that later.
If your credit card is compromised and your significant other sees purchases that would suggest you were having this other life with hotels, booze, clubs, sexy clothing and/or whatever…then yes, you definitely are out of the intimacy game and everything above on the chart suffers. So it passes the test of logic.
The current state of information security: Amazingly Stupid.
When you think security, do you trust it to Mall Cops? Do they keep you safe at the mall or are they just chasing down the guy with the perfume in his pockets?
As an individual I am required to register as a customer sharing personal details with suppliers, service providers, medical professionals, employers, lenders, schools, recreational sports leagues, ad infinitum.
Within the last 6 months, all of these have been compromised, remotely, over the internet.
The US Government doesn’t apparently believe in securing my personal information very strongly either. The irony is there has been lots in the media about NSA data collectionbut let’s get real: My tax records, postal records, security clearances and so on and so on… have all been slurped up by people that have zero accountability to anyone that I care about.
As an individual I feel like the NSA is not my biggest problem, in their case, whatever I say goes to some uber secure vault only to be laughed at by my countrymen. The bigger threat is the free wifi connection at the grocery store that allows everyone in the world except me to not just record my communications but actually see my bank balance.
Nothing in technology-ville is very secure. Remember this one from a long time ago (24 hours ago.)
Not your phone which you just use to ???
Get a harmless picture from the corner store the other day?
As I mentioned before I could keep going for a long long time. It’s a bit depressing but you need to realize the seriousness of today’s situation.
YOUR INFORMATION IS UNDER ATTACK BY EVERYONE.
We have technologically evolved from the birth of the digital age and moved from the Dark Ages (ignore Facebook for the moment) to life in the Wild West. It’s not much different. What is your personal information’s privacy life expectancy?
But what, really, is the problem?
Your information is constantly being harvested by others.
One typical impact has been others spending your hard earned money from time to time. Maybe you have had to dispute charges with your credit card company. The harvesters will evolve. We don’t know what they will do. We do know they will take our information harvested from the US government and build better weapons to use against us in the battlefield as they have said as much.
We aren’t sure how powerful and brazen the hacker gangs will get. It’s not inconceivable that instead of just reaching into your wallet from time time, they just redirect all of your hard earned money, saving, retirement etc.. if they’re doing that, then it’s not hard to see a point where they cause pain in your life like foreclosures and trouble in the courts just to keep you distracted from their thievery. We could be individually or collectively knocked off the infrastructure of life, either on accident or on purpose, and things could get very ugly.
So who fights for the us, the users? (Yes, quote is from Tron!)
Spoiler alert! Alas, Tron died so it’s not him.
Theology explains that God gave the world free will so his hands are tied. Superheroes were proven to be susceptible to this same problem in Pixar’s Incredibles. Most of your parents don’t know/can’t help. Your government can’t help. The neighborhood friendly multi-billion dollar technology company can’t do much. Can’t even trust anti-virus companies.
Only one currently has this responsibility.
The only thing you can do is raise the difficulty level and keep the problem out there. I suggest mourning your privacy and moving on to action. Steps like this:
So now what?
Immediately stop trusting these guys to protect you:
- The Constitutional/Laws of your area.
- Short and/or memorable passwords including your 4 digit birthday.
- Unlocked phone/computer/etc…
- Unencrypted anything stored
- Unencrypted anything important transmitted
- Communication of anything you wouldn’t want to put on a TV commercial during the World Cup and Super Bowl using any electronic method, especially with social media. (Snapchat/Twitter/Facebook et al…)
- Any wide open WiFi without taking precaution #3. Ok any Wifi.
- Debit/credit cards…especially those without chip and PIN protection.
- Electronic/man-machine interface points like Automated Teller Machines (ATMs), Point of Sale Terminals (POS) etc…
- Home Wifi router security
The modern world encourages convenience so it’s really tough not to brain out and just check your bank account on WiFi or buy gas at the pump with your debit card.
It’s not wise.
Until there is some massive upheaval in the information security realm, there’s not a whole lot you can do about the leaky government, leaky enterprises, lazy developers, hacker gangs, adversarial hacking and espionage by foreign organizations and, well, global information security in general.
All I urge you to do, is be aware. If you don’t lock your car, it’s far easier for someone to burglarize things inside. Your wallet is unlocked.
As a side note, I focused on personal information but be aware that communications networks are randomly secured. The over the air protocols for wireless are very easy to open and examine with cheap tools but there’s probably a security gateway in between the base station and the internal network… (There better be.) A deeper problem is the password to the hardware itself is probably easily socially engineered or guessed. I badge into locked/secure network operations centers only to see things like this too many times.
OH yeah, one very last thing…back to Maslow’s needs. What do you think about moving Security to the base of the pyramid?