The paradox of progress

All technological advancements have had one aim: to make our lives better. And of course, to save us time. But there is a startling paradox: the more ways we invent to save time, the less time we seem to have.

The pace of the world is getting faster and faster. A friend of mine recently shared an insightful line that she heard at a leadership forum, “Today is the slowest day of the rest of your life.” A scary thought to contemplate. Yes, where does the time go???

With all technology there is good and bad. The car seems like a marvelous idea. But when the car became a reality no one ever considered drunken drivers, for example. This is such a serious problem that getting a “DUI” in America can ruin a person’s life. Driving under the influence is no laughing matter. And of course, there are accidents, and thefts and carjackings. Yes, cars bring their fair share of problems. And the same goes for just about everything we invent or develop.

Airplanes are a miracle, but the world is afraid of terror attacks and hijackings. Mobile phones are another wonder, but we are glued to them, as if we were getting news that the world is about to end.

Let’s consider the online world made possible by the Internet. It brings us so much, and at the same time, it presents so many challenges. Loneliness is a leading disease and all this digital connectedness has disconnected our analogue souls.

We do things online constantly and we make ourselves more and more vulnerable. Social media is a key example – people put all kinds of personal info online and never think twice about it. Hackers out there are using this against us, and online crime is on the up and up.

New things hit the market, and we jump right in, and before we know it, we are anxious. So we pass new laws, and try and educate people, and then we invent new things to help us enforce these laws. The car led to the breathalyzer, the airplane must have had something to do with the widespread adoption of x-ray machines at airports, and the mobile phone has led to all kinds of depression medications, well, that is my guess. And of course, the Internet has paved the way for cyber-security firms, building firewalls, and developing anti-virus software, etc.

When you look at the modern day corporation, one of the biggest concerns is data protection. Imagine if a hospital had its patients’ records exposed or modified. Think for a minute what would happen if a bank’s data got deleted. If you woke up tomorrow and logged on and saw a zero balance on your bank account… let’s not even go there. And what if government servers were compromised? Phew, there is no telling where this could all go… but, one thing is for sure, modern organizations need to start taking their infrastructure’s safety a lot more seriously.

Companies today need to do all they can to make sure they are not being breached, and “owned”, as the cyber-security world refers to it. Protecting your organization’s critical servers is a given. And with this, being made aware of a breach is fundamental. But this is a subject for another discussion.

Today I simply want to comment that with the good, comes the bad. We are living at warp speed and with each passing month we are embracing more and more tech. It is a miracle, yes, but also, it has a dark side.

This festive season I wish we all switch off a bit, and try and get some offline time. The souls of the world desperately need it.

Mobile phone scare

My friend Saki runs a fairly big business, and he gets people calling him and asking, “Did you just call me?” This happens at least once a month. Phishing is not only about e-mail, but also mobile phones. Going after a big fish, what is referred to as whaling, is a serious problem. Criminals are homing in on CEOs all across the globe. In this example, someone who knows Saki, and who has his number on their phone, gets a call from a fake Saki with some hard to hear instruction like “We need pay this vendor the following amount that we owe them.”

Spoofing an outgoing mobile phone number is a big issue.

With very little imagination you can see how scary this can be. Imagine you’re an IT engineer, and you get a call on your phone from what appears to be the head of your organization, saying something like “We have an emergency. This is urgent. Please reset the password on the firewall to abc123.” Phew!

I was watching a YouTube video recently, which showed how a lady called a bank help-desk and had a crying baby in the background, and that was enough to tip the scales and get them to cough. Apparently a crying baby puts the person on the other end of the phone line under pressure and they feel compelled to help what sounds like a desperate customer. So, if you get a call from Saki’s number and you hear a crying baby, be a bit suspicious. #justsaying

Hacking continues to get more and more creative, and more and more crazy. And this phone stuff is really terrifying. A friend of mine in Europe got hit with a phone scam last week, which I am told is starting to rear its ugly head more and more. My friend arrives for a meeting in Geneva, and his mother gets a call with someone going “Your son is in Geneva and has been detained at the airport – you need to urgently pay $1000 to help him get released.” His mother freaks!

Yes, computers on the Internet and the people who use these machines are vulnerable. But when it comes to mobile phones and some of these new scams, well, this is just a different kind of terror altogether.

Banking on Bitcoin

http://www.imdb.com/title/tt5033790/

“We have banks that have ATMs on every street corner of America. And those banks know very well that that cash could be getting used for drugs. And yet, that’s fine, they are allowed to do that, no one gets into trouble. But Charlie sells Bitcoins to a guy who sells Bitcoins to someone who uses drugs, and he goes to jail. He was an entrepreneur that started building this industry. He built services that people found useful. When bankers almost destroyed the world economy, and none of them got in trouble whatsoever. And here we have this 23 year old kid and he goes to jail, because he started building an alternative.”

At the bank …

Boudreaux was called into his bank to discuss his accounts.

“Your finances are in terrible shape,” the banker stated. “Your checking account is way overdrawn, and your loans are overdue.”

“Yeh, I know,” said Boudreaux. “It’s my wife, Marie. She’s out of control.”

The banker asked Boudreaux, “Why do you allow your wife to spend more money than you have?”

“Mais, to tell de truth, Mr. Banker,” replied Boudreaux with a deep sigh, “because I’d rather argue wid you than wid her!”

Inside Job

I was recently driving back to the office from a customer meeting with a colleague. She was telling me about the gated community she lives in with her family. I was stunned to hear that even in these walled worlds there is still crime and houses being burgled. Turns out that we have sophisticated criminals in our backyard, literally. From what I understand, these lawbreakers rent a house in the gated community and then rob the homes inside the estate and store the loot in their rented house and then get a truck and move out with all the stolen stuff. Sounds like a decent plot for a film script caper but this is real life.

Since I have been learning about honeypots and laying down traps, it occurred to me that it would make sense to have a decoy house added to the equation. Dress it up real nice, make it look valuable and attractive, and then have cameras on the inside that record who comes knocking on the door, well, er, who climbs through the open window that was left vulnerable on purpose. That is what an interactive honeypot is designed to do – it sits there quietly, and if someone comes along and starts to fiddle it will send out an alert. Suspicious behaviour is generally always a problem. No honest person accidentally climbs through an open window into a stranger’s house.

Perhaps we could even call these “housepots”, like a honeypot for your house. Yes, this may very well be one way to detect these new cunning villains. Of course, one has to wonder about the vetting process. Can anyone rent a house in a gated community? Apparently, yes. The same with corporate computer networks. When your company reaches hundreds or thousands of staff, then is it possible to say that each and every person is on the up and up?

Honeypots are cost effective and very smart. I believe we will be seeing more and more creative uses of these elegant traps, especially considering the high unemployment around the world – becoming a hacker, for example, is a career path for many who can’t find a job.

What you want to know is if you have been breached where you live (physical) and where you work (online). There is no perfect science when it comes to keeping people safe, so, lay down traps. If your first line of defense is bypassed then have another control in place.

Cry me a ransom

Picture this. A busy office building, people everywhere, energy, tension, excitement, hustle, bustle… Phones are ringing, e-mails are flying, and computer keyboards are being hit non-stop. This is life in the fast lane.

In the typical modern corporation there will be strategic objectives and operational parameters, and of course, weekly reports, monthly goals, quarterly targets. And there is constant pressure to bring in the numbers. So, it is not uncommon to find stressed out people that are literally on the treadmill from the time they wake up until the time they hit their beds and collapse.

Long hours seem to be the norm for so many. And there is this never-ending pressure to check your messages. It used to be just e-mail but these days it is also WhatsApp and Slack and LinkedIn, and the occasional phone message (some people still do leave voice mail messages), and then there is social media, which is an abyss all on its own. The constant anxiety to stay up-to-date. Yes, stress is all around us, and it only seems to be getting more intense.

To hear someone joke, er, complain, about the pressures of modern day life is pretty common. So picture this now for a moment. A busy office worker talking to their manager:

I really need a few days off. I am just exhausted.

What’s the problem?

I am just tired of being on the phone all day, talking to customers, every day. It is exhausting. And some of the people are so rude.

Perhaps you just had a bad day. Tomorrow will be better. Come in a bit later tomorrow and try get some sleep tonight.

Ja, perhaps you are right. It was just…  this one guy today… I spoke with him 3 times and every time it was so painful.

Now, think about this for a minute … what business are they in?

Are they selling something over the phone? An insurance product? A mobile phone offering? Or perhaps this is a travel service?

Maybe. But, how about this: organized crime. No jokes. Yes, the modern company I am describing in this story today is in the ransomware industry.

And this company has an HR department, and thirteenth cheques, and career paths, and mentorship programmes… yup.

Mafia are online these days, and they are extorting companies and people using malicious software (malware). It is big business, and it is professionally run and it is growing fast.

In the last month the world heard about WannaCry – this is going to continue. Ransomware is big business.

When you think of computer hackers, think of high tech office buildings, complete with canteens and corporate pubs, and with modern day stresses.

This is the new world of online organized crime – modern, sophisticated, and yes, twisted.

Life is a breach

When we think of online crime, we think of someone taking money out of our bank account. That is the common illustration of a threat in the world of cyber security. But there is something far more fundamental that is soon going to worry all of us: breach.

We all lead very private lives. Social media is about the images we project, but behind the scenes we don’t reveal our vulnerabilities. Our medical records, our educational accomplishments (or lack of), our bank balances, our tax returns. And what about our shopping habits, our travel plans, our hotel bookings – these are all private. Can you imagine if a hospital computer network is breached and all their patients’ medical conditions are made public? Just think what would happen if everyone’s tax returns suddenly were floating around the Internet.

We all remember that scene in that beautiful film Love Actually, when the late, naughty Alan Rickman bought an expensive gift for his office co-worker, and we remember Emma Thompson’s sadness when she found out – she happened to see her husband sneaking around buying the lavish present for his mistress. But, can you imagine if one could simply look online and see what your partner is spending money on?

I remember one of my first clients, going back about 20 years. It was a big hotel chain. They told me that on Valentine’s Day they have 400% occupancy. Imagine what would happen if they were breached and all these people’s names were suddenly there for everyone to see. The Ashley Madison hack is a case in point: people committed suicide over this.

Laws are coming to punish those companies that don’t behave responsibly. Australia is ahead of the curve on this front. Breach laws are coming into effect this year. A company will legally need to report any data breach to the government, and also, notify their customers that have been affected.

According to the bill, a data breach is classified as an instance where there has been “unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (the affected individuals), or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure”. It qualifies as an “eligible data breach” when there is a likelihood that the individuals who are affected by the incident are at “risk of serious harm” because their information has been exposed.

In short, if your company has a breach and does not disclose it, and you get busted, then the guilty company will be hit with massive fines. But this is not the real problem – it is about the people that are affected by having their private data exposed. This is where the real damage could be, and hence why laws are coming to help keep people’s private lives, private.

For a modern day company, university, or any organization that is holding a ton of private, and often, sensitive, data, breach is becoming a big concern, and an item on the executive agenda. This is not something that can be delegated down the chain as a nice to have project to be looked at in someone’s spare time. This is a serious issue. We have all our private information sitting there in databases connected to the Internet, and if a hacker really wanted to cause trouble they could mobilize mass panic in one well-crafted cyber attack.

Today’s connected organizations need to be responsible and they need to put in place the necessary technical steps to be notified of breach, and to deal with these vulnerabilities as soon as possible. No one can afford to bury their head in the ground on this matter. To end off, imagine if a law firm or one of the accounting giants got hacked – just think of what a breach could lead to when it comes to confidential and private information. Phew!

Breach notification technology and “incident response” is soon going to be mandatory for all connected organizations.