Cable lock that's been cut. |
So what does a bike theft got to do with cyber security? Bear with me, and I hope to draw some parallels.
Yes, couple of years ago, I had my new bike stolen, on a Saturday afternoon, from a busy street that I thought no thief will be brave enough to take. I just thought I was unlucky. Not until a couple of weeks ago after I actually witnessed a bike theft first hand that I realized that it was my stupidity instead.
Then, yesterday, I was in some email exchanges that discussed whether an End of Life security device has any value. It dawn on me that bike theft and security theft have analogies.
Let me first relay to you my first hand experience of the bike theft. It was also on a Saturday afternoon but only 2 weeks ago, in front of a theatre, with packed crowd on the sidewalk. This guy walked up to the line of locked bikes. Most of the bikes used the U type lock but one used the cable lock. The thief took out the bolt cutter from his draw string backpack, clip the cable lock - all within half second and not more than 5 feet from me. I yield at him, challenging him. He replied with some stupid answer, got on the bike and took off. This all happened within 5 seconds. I dialed 911 and reported it . The reporting took me 5 minutes.
These incidences taught me a few lessons.
1) Bike thieves have lots of practice. They think like thieves, not like good guys. Stealing a bike in a busy street is no worse than in a quiet street.
Analogy - Cyber thieves are the same. They think like bad people. They don't care if you use the internet a lot or just occasionally, you are the same victim.
2) After my personal bike was stolen, I've learned that cable locks are useless. This is a widely known fact and well published. So, why are bikers still using cable locks? The bike thief took the easiest prey.
Analogy - an End of Life security appliance means no more support, patches. This also is a widely known fact and well published. Bad guys know it too. So why are we using outdated security appliances? The bike thief can identify a security device and take his easiest prey.
3) Even though I reported the bike theft, do you think the thief will ever be caught? Even if caught, do you think he will go to court? Highly doubt it.
Analogy - cyber thieves stealing a couple of thousands dollars from our bank or credit card. You reported it, do you think he will be caught? Stealing smaller amounts from lots of people is much less noticeable than stealing a large amount from a big company.
The bike thief was clean cut and looked just like any other tourist. Lessons learned, you don't know what a bad guy looks like.
Any other lessons learned? Please share with me.
No comments:
Post a Comment