People aren’t taking cyber security seriously enough in part because they assume other people are doing it for them – which isn’t always the case.
It is not the most comfortable feeling when you see fit to disagree with a US President. Oddly, the President on this occasion is not the incumbent, but Franklin D. Roosevelt.
He famously said, during his inaugural speech, “let me assert my firm belief that the only thing we have to fear is … fear itself – nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance”.
The thing is that we do have something to fear which is not just fear, and it is now such a part of life that, being human, we are basically ignoring it and hoping it will be OK: the cyber attack.
Some humans talk the talk, to little effect. Apparently, according to Internet Society’s 2017 annual survey, the biggest concern for users is no longer access but security.
As one US President has probably said (privately), “No shit, Sherlock.”
According to a recent report, half of German companies have been hacked, attacked and/or had data stolen. Half. How many million is that?
And now we also know that a cyber attack is capable of bringing down infrastructure. Energy grids can be compromised and taken offline. Military aircraft can be hacked for very little money. So can Jeeps and Segways.
We should be afraid and we should be taking action. All of us.
But we are not.
We have built a Somebody Else’s Problem Field around it and we are carrying on and keeping reasonably calm. In fact, according to (yet another) survey of security professionals, the vast majority of workers are far more concerned about getting their job done than about security. Ninety-four percent said this, whilst 64% of security professionals admit to modifying security to allow employees more freedom to get their work done because of a request from leadership. And 40% of them admit to turning security off to accommodate a request from another part of the organization.
We assume that someone else is taking care of it, and we worry in a slightly abstract way that they are not very successful because we get daily accounts of another, even more dangerous, security breach.
There are, of course, things that we can do about it. And some of us do them. Our esteemed colleague Tony Poulos, for example, has 600 different passwords, all generated by a highly, super encrypted Random Password Generator.
Companies, too, are on the case. Development of technologies like quantum cryptography provides some hope, but that’s a few years away and may end up being just another arms race. This is one of the basic problems with security: the good guys are always on the back foot. We cannot always know how far ahead the bad guys are (or who is behind them forking out cash), and therefore all we can do is react.
Possibly the only good news in the whole security nightmare is that we are able to react faster and faster.
Cynical as we may be about it, AI might be very useful in this most important of all battles. And let’s be clear, we are not talking about the over-hyped version of AI, that, according to the press releases, knows what you know before you know that you know it.
The more common, real version, where AI can look things up extremely fast, and react, is useful. It can learn in as much as it can spot patterns that are not normal. So, perhaps, security is one area where AI can be used for the greater good.
Let’s hope so, because if we leave it to human intelligence, we’ll be too busy making the tea and answering emails to do anything about it.