Attack of the Cyber Space!

According to a recent Pew poll, American users are more afraid of "cyber attacks" than world-impacting threats, like nuclear weapons. Granted, you are more likely to get your credit card number stolen than someone is likely to push the big, red nuclear button of doom, but that's like being more afraid of being pick-pocketed than being beaten to a pulp and robbed when you go to a big city. Getting your wallet or credit card number stolen can be a big deal, especially the first time, but it's more on the annoyance level of threat than loss of life or limb level of threat.

What is a "cyber attack" (according to popular opinion)?

Unshockingly enough, Hollywood and mass media have a lot more to do with this fear of hackers than reality does. People seem to think that rogue (or government sponsored) hackers can ruin their lives (sort of true), bring down power grids (not likely), and start WWIII by hacking missile launch or guidance systems (thanks, Hollywood).

The first thing most people think of when they hear they've been hacked is usually something to do with their bank accounts or credit cards. This is common enough that financial institutions have a set of guidelines already in place to deal with unusual credit card or account activity. If you're afraid someone is going to drain your accounts, that's more difficult than you think. Since banks don't like to lose customers or money, they usually put some kind of hold on large amounts of money being transferred around. There are also federal regulations on the movement of large amounts of money.

Financial ruin? Unlikely.

Now there are other attacks that are more likely to harm individuals, though generally not physically. Facebook accounts and other social media accounts can be hacked and used to ruin people's reputation. Hackers can post personal information of others and release the full might of Internet trolls and bullies (which generally include death and other unsavory threats).  They can also upload private pictures or doctored pictures to sites and ruin someone's reputation enough that they'll be unable to get a job in their chosen field. These kinds of attacks are less reported in the media and significantly more difficult to recover from.

Life ruining? Possibly. Do people think of this when "cyber attack" comes up? Probably not.

Getting into the more dramatic, high-profile, high-damage ideas of hackers, losing infrastructure or missiles to cyber attacks is not particularly likely. Squirrels, tree limbs, and Mother Nature are more likely to cause a black out than hackers. As far as death and destruction from missiles or nuclear weapons, well, I haven't heard of any confirmed (or unconfirmed) death from a cyber attack. Cyber attacks can certainly cause damage (aka, Stuxnet), but they don't have the massive loss of life or property damage that most people seem to fear.

Death via hacker? Nope. Get me my self-driving car, and then we'll talk.

Why are we afraid?

There's a lot of hype around "cyber" threats that stem from popular media and ignorance. Computers have become widespread enough that everyone can relate to "cyber" dangers in movies or television, but only people in our industry seem to realize how much these fictionalized attacks are either widely exaggerated or just wrong based on current technology. News stories also get a lot wrong when reporting security breaches. It doesn't help that there are companies designed to take advantage of these fears and spread computer security misinformation to drum up more business. Few people are taught basic information security, so they make poor security choices and unreasonably fear attacks.

For a real-world example of how non-IT folks interpret the news based on how they think cyber attacks work, my mother is very concerned about me purchasing things online due to the Target credit card breach. I can't seem to convince her that the Target breach has nothing to do with how I shop online and that she really doesn't need to worry about that. She sees "credit cards hacked" and then associates that with online shopping when it has nothing (or at least very little) to do with online shopping, especially online shopping at non-Target stores.

Simple preventative measures

If only we could get everyone to attend a short information security class... Really, the easiest and most effective way of preventing the feared "cyber attack" is probably basic information security. Things like using strong passwords or pass phrases, cycling your password, not keeping lists of your passwords, and not clicking on strange links are the most likely steps to take to prevent security breaches.

  • There are some credible resources out there (including several great TED Talks presentations) that discuss fears like nuclear attack and cyber attacks, and many of them come from a misunderstanding of actual risks and trends.

    It turns out many alarming situations are at the front of our focus due to media outlets trying to get our attention.  In the old days the mantra was "If it bleeds, it leads."  Today it's not that much different--the greater the immediate shock value, the more advertising dollars might be garnered from stories focusing on it, therefore the more likely we'll see it multiple times in a day or week or month.

    As a result we may come to believe that the most important, wide spread, critical issues facing us could be those that deal with 2nd Amendment Rights, or extreme actions of prejudiced white police forces against blacks, or global warming, etc.

    But when analysis is done that reveals the actual risk, impact, or condition, it may easily turn out that things aren't as bad as we believe-- we're merely feeling the results of media outlets (no matter whether television, radio, Internet, or print) trumpeting a continual mantra of bad news.  Our minds take the information and form an opinion that is based on those stories, while we receive no actual data that has statistical import.

    Don't discount the actual bad things happening; atrocities occur and must be prevented, and discrimination must be fought. 

    But try to understand what's important on a big scale compared to what's being ballyhooed on the latest news update, remembering that one politician's scandal lasts days or weeks, while a Fukashima or Chernobyl incident lasts for lifetimes.  Keep perspective.

    An easy example of misunderstood conditions is how our society equates life expectancy's relationship with wealth.  I think we may have the idea that relative income, compared with others' income, can somehow equate to actual health and life expectancy.  Media and politicians and social reformers tout it so frequently it seems like a fact, and that things are actually getting worse for the world's poor people.  It turns out that intuition is not accurate, as shown here:  http://www.ted.com/talks/richard_wilkinson?language=en

    Tie this exposure to media and misunderstandings into the Cyber Attack publicity and we might find things aren't as bad as the media may be trying to portray.  But when we look at the actual statistics, we'd be wise to conclude that our risk of being hacked continually may be increasing, and the likelihood of having been hacked without our knowledge may approach certainty.

    The cost for an individual's protection is relatively low: one might improve one's electronic security posture by avoiding wireless communications, or by not connecting to the Internet at all.  But at what cost? Wearing tin foil hats to keep the mind readers away?   Is there a way to share Internet Knowledge and learn safely, without risking sharing too much personal data?  Can financial transactions and banking be done with as little risk online as if done in person?

    I enjoy learning new things and being entertained by creativity shared by Internet users.  Would I shut down all my access if I understood the true impact and risk of connecting online?  Or would we find alternate and safer methods of protecting ourselves?

    It sounds like a CISP certification could come in handy for every one of us . . .

  • FormerMember
    FormerMember

    nice one ..........

  • There are enough news articles published show breaches that the thought process should be "I've been hacked, now what"  definitely agree with Jfrazier

  • Part of the challenge is getting people to not think "It can't happen to me" because it can and it is not a matter of if but rather when.

Thwack - Symbolize TM, R, and C