Tuesday, August 9, 2011

Bike Theft - there is always a lesson that can be learned

Cable lock that's been cut.
Bike Theft - living in a city with the reputation of being bike friendly, it should be of no surprise that bike thieves love the city as well.

So what does a bike theft got to do with cyber security? Bear with me, and I hope to draw some parallels.

Yes, couple of years ago, I had my new bike stolen, on a Saturday afternoon, from a busy street that I thought no thief will be brave enough to take. I just thought I was unlucky. Not until a couple of weeks ago after I actually witnessed a bike theft first hand that I realized that it was my stupidity instead.

Then, yesterday, I was in some email exchanges that discussed whether an End of Life security device has any value. It dawn on me that bike theft and security theft have analogies.

Let me first relay to you my first hand experience of the bike theft. It was also on a Saturday afternoon but only 2 weeks ago, in front of a theatre, with packed crowd on the sidewalk. This guy walked up to the line of locked bikes. Most of the bikes used the U type lock but one used the cable lock. The thief took out the bolt cutter from his draw string backpack, clip the cable lock - all within half second and not more than 5 feet from me. I yield at him, challenging him. He replied with some stupid answer, got on the bike and took off.  This all happened within 5 seconds. I dialed 911 and reported it . The reporting took me 5 minutes.

These incidences taught me a few lessons.

1) Bike thieves have lots of practice. They think like thieves, not like good guys. Stealing a bike in a busy street is no worse than in a quiet street.

Analogy - Cyber thieves are the same. They think like bad people. They don't care if you use the internet a lot or just occasionally, you are the same victim.

2) After my personal bike was stolen, I've learned that cable locks are useless. This is a widely known fact and well published. So, why are bikers still using cable locks? The bike thief took the easiest prey.

Analogy - an End of Life security appliance means no more support, patches. This also is a widely known fact and well published. Bad guys know it too. So why are we using outdated security appliances? The bike thief can identify a security device and take his easiest prey.

3) Even though I reported the bike theft, do you think the thief will ever be caught? Even if caught, do you think he will go to court? Highly doubt it.

Analogy - cyber thieves stealing a couple of thousands dollars from our bank or credit card. You reported it, do you think he will be caught? Stealing smaller amounts from lots of people is much less noticeable than stealing a large amount from a big company.

The bike thief was clean cut and looked just like any other tourist. Lessons learned, you don't know what a bad guy looks like.

Any other lessons learned? Please share with me.
 


Friday, August 5, 2011

The lazy days of Summer

Summer are lazy days. Kids are on break. Families are thinking about vacation. Office is quiet and spam traffic is down. So life is good!

I only wish hackers look at summer the same way we do. Seeing the activities behind the scene, hackers are not taking a break. CRN released this report .

Just because you don't see it, doesn't mean it went away. The hidden ones are worse than the ones you know.

So make sure you delegate the vigilance of data security to someone before you take off on your vacation.