My husband, Doug is from a little coal mining town in West Virginia. It’s actually a camp – Braeholm, West Virginia. When a company would open a mine, a small town typically sprung up at the base of the mine called a camp. Doug was born in such a camp along Buffalo Creek in Logan County. Everyone knew everyone and they all worked for the specific coal mining company that worked the mine. As Doug grew up and left, his home town maintained the closeness and familiarity that made everyone feel safe, secure, and loved. For example, whenever he sent his mother a letter or a package, the whole town knew. Eventually, word got to Ms. Edna that there was something for her from Little Doug in the post office in Amherstdale. Doug went to the General Store to buy an iron for his mother with no money. He told the owner who the iron was for – Ms. Edna. The owner handed him the iron and then said to him, “You one of Pete’s boy’s aint you?”
In the hills and hollows where, at the time, Google or MapQuest had no read, one simply had to go to town and ask where someone lived. We were looking for one of the union stewards and asked a police officer working the town’s only traffic light if he knew where Mr. Langdon lived – “Yes, go down the street, through the alley, his house is next to the barking dog.” But before he told us, he asked with a vague familiarity, “You one of Pete’s boys ain’t you? Which one is you, Ferdinand or Doug?” My husband, Little Doug, authenticated his identity and was given directions to the union steward. People knew each other by sight or their family resemblance, left their doors unlocked and their windows open. People slept safely and securely save for the occasional alert from a barking dog.
Today, as we wring our hands over cyber security threats, we hope for Ms. Edna’s good ole’ days where we trusted everyone and we yearn to recreate those days in our current cyber threat environment. It’s time for us to face it. The good ole’ days are gone. Today’s threat environment requires us to act and behave differently.
We must first realize that the good old days are gone. I’m not from Braeholm, West Virginia, I’m from Washington, DC. In the city, we lock our doors at night and we do not leave valuables visible in our cars. Today’s environment is such that even though I have an anti-theft system in my car, if I leave my music player and my purse on the seat, I will have a broken window and lose my possessions.
We seem to think that if we have a strong enough security system, that we can still leave valuables laying around for anyone to find it. Our data is too valuable to just lay around for someone to find it. Anti-theft systems do not prevent theft, they just slow down a would-be robber, if anything. Whenever we think we have things locked up tightly and securely, new ways of intruding are created. Kevin Coleman in a commentary says that cyber security threats worse constantly. If we are delusional enough to think that we can protect ourselves, he notes that a new strain of malware is created every 0.79 seconds.
How to Really Make a Difference
Personal responsibility really does make a difference. Some people think that a CIO Big Sister will protect them from themselves. Folks will click with the hopes of getting money from a foreign bank account, pictures from attractive admirer, or simply satisfying their curiosity. The best trained users of computer networks fall prey to curiosity or a mistaken click of the mouse. Attackers just keep getting better and better at enticing unsuspecting technology users to ultimately do the wrong thing.
Public service campaigns like what we did for litter or forest fires might be very beneficial to improve awareness of cyber security challenges. Not that signs or posters that say, “Only YOU Can Keep Our Networks Secure” or “Think About It Before You Click It” will be the final solution to our serious challenges, but heightening the awareness of personal responsibility will go a long way.
Layers of defense can help also. I noticed that when I was a tourist in Europe, the security could be described loosely as soft on the outside and hard on the inside. You could cross borders with relative ease, but there are frequent checkpoints with increasingly tight layers of security. A layered defense of our networks with technology users who are both aware of the consequences of their actions and the benefit of countermeasures creates a solid foundation to build from.
You can’t win the game without good execution of the fundamentals. This means staying up-to-date on malware and virus protection, practicing safe computing, and solid technology management practices. Monitor networks continuously for intrusions and have a plan to quickly remediate should an attack occur. Maintain the ability to quickly defend yourself.
Contain any damage or loss that might occur. Don’t walk through a bad neighborhood with your entire paycheck in cash in your wallet. Leave some of your money at home and most in a bank. While consolidation does simplify your environment to reduce the complexities needed to monitor and protect assets, maintain a balanced approach by not putting all of your assets in one place.
Be proactive by understanding the threats in your environment. Some very savvy city-folks know that if someone simply asks you for the correct time, you just keep on stepping. Correctly understanding that threat environment means that you know the desire isn’t for the correct time, but to get you to look down and take your attention off of the environment so that you can get robbed. Understand the environment that you are in, and protect your most valuable assets accordingly. Never look down and always be vigilant.
Of course, all of this is easier said than done. But, the world has changed, and our strategies must change with it. Even Braeholm, West Virginia changed. My mother-in-law passed away and the coal mine on Buffalo Creek has been closed for decades. And the isolation that bred the closeness and familiarity of those with soot under their fingernails is gone. You can even find Braeholm on MapQuest now.