(Un)comfortably dumb - Cyber security and awareness



Hi, I'm a computer junkie, sitting all day in front of a PC.
During my career I've gone a long way, from the mysteries of a word processor to the deep caves of Windows, then I've plunged into the darkness of a command line where nobody gets out alive. Afterward I started feeling the UNIX call and I did it, I switched to Mac. I've dated the Big Bitten Apple and I'm still deeply in love with it but I started wondering what was so cool about the Penguin and so I learned that his name was Linux. I've met all of these guys we grandly call "operating systems". They're nice guys, even though they have their bad days, but every time I had issues with them I learned something new.
 
 


Sadly, I have a problem: when I have to deal with someone who doesn't have a clue about computers, I start getting upset. In people's imagination, we IT guys are a bunch of geeky nerds, deeply introverted, incapable of communicating and good at nothing but computers.

To computer-illiterate people we are a necessary evil. They dislike us, but they have to look for us when they mess up their operating system beyond any remedy.  

The worst part of my job is dealing with people, because we speak two different languages. 

But don't think this is all about an antisocial cranky crotchety old geek such as me. The economic and social consequences of these misconceptions and misunderstandings can impact everyone because today's world is based on a dangerous underlying contradiction. 

Technology has changed our lives and is everywhere. We can't help it because it's improved the quality of several areas of our lives, from healthcare to power stations, but this makes us much more vulnerable as well. What if hackers got hold of a nuclear plant right now? 

Science fiction? No, harsh reality. In 2010, a computer worm called Stuxnet sabotaged one fifth of Iran's nuclear centrifuges. 

We rely more and more on technology but at the same time most people don't have a clue how it really works. They think they're tech-savvy because they can push a button to post the latest bulls on Facebook but using technology isn't knowing technology. 

Knowing something means being aware of what's under the hood and why an action causes a reaction. Most of us know why turning a key starts a car but, at the same time, lots of people don't know basic computer notions. If I pulled up a command line right now, someone would think I'm a hacker, not knowing it is the core behind all they see in a computer. The graphical interface they use every day is a user-friendly simplification but the command line is what makes their computers work.

The question that should be asked at any level is: is this situation sustainable anymore? In a world where technology is everywhere and our lives depend so heavily on it for almost anything, isn't this counterproductive? Can this world afford to have an elite of technocrats holding the keys to knowledge and an unlearned mass of consumers who only have to eat, consume and die? 

We increasingly rely on technology, share our information on the Internet, handle our bank accounts online, purchase goods online and upload so much about us (our family pictures, our opinions, comments, hangovers etc.) thinking we are safe, that it's our information and that no one can see or handle it but us.

Well, things are not exactly this way. Every time we sign up to a social media or file-sharing website such as Facebook, we are asked to electronically sign an agreement called Terms of Service (ToS) that defines the supplied services and our obligations towards the service provider. It's such a hassle, isn't it? Lawyer's stuff that nobody reads, but we should.


In fact, when signing up to Facebook, the user hands over their personal information to Zuckerberg's company, which legally becomes its owner. This means that anything posted on Facebook belongs to Facebook and not to its users but most people keep thinking that's their information, regardless. This is only an example of how our privacy gets constantly violated because of our careless attitude towards IT security and privacy.

Recent research on cyber security has shown that the most popular passwords, still in 2015, are "password" and "123456". Last year, some of the biggest companies on this planet were breached for overlooking security issues. If hackers have been able to breach giants like Sony, how long would it take for them to break such weak passwords?

The careless attitude towards IT security causes small companies and large corporations to lose billions of dollars and damages their reputation every day. Companies such as Target have gone through massive losses and their reputation has been damaged beyond repair.
 
No indemnification can regain the customers' trust when a company has lost it. In such a context, the excuse "I don't know what it was, I simply clicked it" hurts and isn't enough to avoid termination if a careless mistake by an employee has caused a security breach. I'm not suggesting everyone has to become an IT person or an IT Security junkie like me but, if we rely so heavily on technology, we should probably rethink all this. It would be better to learn the basics, just to make sure not to get the bank account hacked, or to become a victim of identity theft and (hell yeah!) lose our jobs.

For example, numerous people use their pet's name as a password. Hackers have a list of commonly used passwords and so, when they log on to Facebook and see that somebody has just posted a pic of his pet, named Puppy, just guess what the hacker's next move will be. Not so hard, is it?
 
On a corporate level, IT Security is often underrated and considered a cost that doesn't give any immediate return. This careless attitude about cyber security both on an individual and corporate level has become totally unsustainable. Every day bank accounts get hacked because of the lack of the most basic security notions but people don't change their habits and keep making the same mistakes over and over again. Companies don't behave better than individuals from this point of view. I've personally seen in my career employees storing their passwords on sticky notes left on their desks, for everyone to see.

An increasingly important part of our lives takes place in cyberspace, over the Internet. We rely on technology and on the Internet for more everyday activities than in the past, ranging from menial (booking a seat at a concert, ordering a pizza) to important (bank transactions, online purchases, etc.). What's more, we willingly share a lot of information about our personal life through social media (Facebook, Twitter, etc.). As a result, much more information about us can be found online than before and, if a hacker knows how to gather it, he/she can steal our information, our money and, ultimately, our very identity.

I believe that education does make a big difference. Initiatives like the Hour of Code, aiming to enhance IT culture and knowledge, can be a good start.
That isn't only my opinion. In fact, Pres. Obama has recently announced he intends to ask Congress for $14 billion in order to harden cyber security, both by funding colleges and training initiatives and by actively promoting the exchange of information between government and private sector.
 
The communication mismatch between IT professionals and customers and the lack of IT culture have serious consequences for the general economic system and society in general.

Billions of dollars get lost every day, reputations built up over years of hard work get ruined in the twinkling of an eye and people lose their jobs because their companies get breached at the very moment I'm writing this.
 
While users can often be blamed for this situation, they're not the only culprits. I believe that software companies such as Microsoft still consider their customers more as consumers of their products than as users.
They don't seem very concerned with educating customers by explaining to them why pressing the A button gets the B result. What the button does is beyond the customers, who don't need to know about that.

Their customers use a product; they don't participate in improving it. Microsoft holds a monopolistic position in the computer market, as Windows-based systems cover almost 90%, so it doesn't care about educating customers. Windows operating systems rather hide stuff from users to prevent them from messing up their operating systems. Their underlying logic is: "let a dummy know as little as possible and no damage will be done". Windows 8.1 is the result of it. All users can do is push a button and, to customize their settings, they have to flip through a myriad of windows.
All this can be changed. Other operating systems, such as OS X and Linux, are more user-friendly and inspired by a different philosophy, tending to empower users instead of treating them like brainless idiots.
  
If Microsoft started adopting this mindset, that could make a big difference. More IT education can help us not repeat the same mistakes and, more importantly, understand what caused the error.

Users are the weakest link and the most overlooked component in cyber security and it's time to rethink the way cyber security is implemented today. A joint action both on a government and corporate level can prevent jobs from getting lost, companies from getting breached and national security from being compromised again and again.
 
I believe that yes, we can.
