Be Afraid, Be Very Afraid

cyber tuesday logo smaller“Even a man who is pure at heart/And says his prayers by night/May become a wolf when the wolf-bane blooms/And the moon is full and bright.”

The Wolf Man

When the days grow shorter and the darkness of night tightens its grip on the northern hemisphere there comes a quickening in the pulse of daily events. Even the most jaded among us will feel a distant urging, a sense there is much to do and time is running short.  We connect with a more ancient time, a time when our ancestors would gather their supplies and hasten their preparation for the coming of winter. In the language of the poet it is a time when life comes sharply opposite death. That is a perfect metaphor for Halloween, All Hallow’s Eve, the night when pagans believed that the boundaries between the worlds of the living and the dead overlapped and the deceased would come back to life and trouble our sense of security.

It seems a bit odd, but we like being scared. Our hearts beat faster, a chill goes down our spine, we get goosebumps. For many of us, we also get a surge of strength and energy, the classic adrenaline rush. The thrill of an adrenaline rush can be intoxicating, and that’s part of what draws us to risk taking, to driving fast, scaling heights, riding roller coasters, watching horror films, and allowing ourselves to roam the dark recesses of our minds and be scared on Halloween.

The Wolf is at the Door

What does cybersecurity have to do with being scared? I think you know, but let’s look at what others are saying. Take Joseph Weiss…“Cybersecurity Expert: Be Afraid, America. Be Very Afraid.”  Mr. Weiss points out thatNation-states such as Iran, China, Russia, and North Korea have the knowledge and capabilities to damage our critical infrastructures with cyber-attacks. Additionally, vulnerabilities are being identified on what seems like a weekly basis and cyber exploits for most industrial control systems are now freely available on the Web. That puts potential weapons of mass destruction into the reach of small-scale attackers.” He posits that in the face of these threats “our nation is woefully unprepared to defend itself.”

Invasion of the Data Snatchers

If that doesn’t provide a chill, there’s this. In 1938, Orson Welles carried out one of the great hoaxes in American history when he broadcast “War of the Worlds,” a dramatization of a Martian invasion of earth. What seems funny now caused a nationwide panic, as people jammed highways trying to flee the invasion and police offices were flooded with calls for help. Today we have the invasion of the data snatchers, as hackers manipulate data in a way that threatens national security.  Here’s The Hill reporting on data manipulation, “Intrusions that undercut data integrity have the potential to be a powerful arm of propaganda and false information by foreign governments…” and quoting FireEye’s Jordan Berry, “For instance, if some hot flash reports are coming from an event and a nation-state has in-between access from on-the-ground reporters to people who are receiving that information, and they want to change the perception, they can change those reports before they reach their final destination,” Berry said.

At this point you may be forgiven for reaching for the wolfsbane and tying on the garlic necklace. If you feel the need for divine intervention, I offer you this Scottish prayer.

From ghoulies and ghosties
And long-leggedy beasties
And things that go bump in the night,
Good Lord, deliver us!

A Nightmare on Elm Street…and other places

You Apple users could have gotten this from Siri, or Google. But, then, you should know this from Wired…“Siri may be your personal assistant. But your voice is not the only one she listens to. As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.”

Now that’s spooky.

——————————————————————————–

By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

October 20, 2015

active