What I Talk About When I’m Not Talking About Running
Last week I celebrated 20 years covering cybersecurity, the subject that launched this blog back in 2005. Even when I was employed full time in another industry, I still wrote regularly about ways to protect ourselves from malicious users trying to compromise our data.
While I was getting a lot of LinkedIn love for a post celebrating my milestone, the Employment Development Department for the State of California was demanding my company pay back taxes for an employee that did not exist. My first thought was that one of our independent contractors misclassified themselves, given the amount they reportedly made from us was $17,500. Our employees (a) make more annually and (b) rarely have their salary totals rounded to such neat numbers.
Then our accountant sent a front-page New York Times article and I realized we’d been swept up in a cybercrime in which bad actors made real unemployment claims using our company’s data. The heist screams of bots and automation and is why California’s EDD stopped processing new claims for weeks to deal with a sudden backlog. That meant actual laid-off workers had to wait while the state paid criminals and came after companies like ours for thousands in back taxes for fictitious claims.
It’s a mess. It’s always a mess. And it’s a good illustration of what I do and why I do it. The good guys need help, a lot of it. I do my small part, but it’s never going to be enough. These talented men and women are busy defending systems with limited resources because cybersecurity is a drain on budgets, a discipline that works when nothing happens. That makes it tough to show ROI to number crunchers. It has gotten better in recent years as executives have been paraded in front of press to assure customers they are working on it. Money talks in the business world, louder than anything. But often the enemy is from within—folks like you and me who get impatient and look for ways to circumvent security controls. The last security conference I attended in person devoted the entire event to how to handle the human element.
Bad actors join forces not because of some warped personal mission or credo like in the movies. They do it because they can and then can’t break away. These men and women go in search of like-minded malware developers, and those digital connections are then exploited or become the source for extortion. It’s how the bad guys get so good at stealing and selling our private data on the dark web. No one worries as much about financial data because there are mechanisms in place to make us whole…eventually. Identity theft is still a major pain in the arse, but if participants in a webcast I did last April are any indication, it’s not nearly as inconvenient as earlier credit freezes. But medical data is different. There are seniors being denied health services because a fake bill paid by Medicare prevents further treatment. There are young parents who have no idea their newborns’ medical records are being used to con pharmacies into dispensing opiates sold on the black market.
The pandemic certainly isn’t helping. Poorly protected home networks now comingle with work ones and everyone is burnt out, whether from looking for work or holding on to it.
We need a break. I need a break. But to slow down and loosen our collective vigilance is not an option. So, I continue to fight the good fight until there’s no fight left in me. And in between, I’ll continue to work off the extra stress with assistance from my running shoes and the open road.
Image by Fernando Arcos on Pexels