My work is about explaining the world of computer science to children in fun ways. For that cyber security offers a colorful playground with concepts such as honeypots, trojan horses, firewalls and script kiddies? Throughout the six episodes of the documentary I spoke with experts to learn about what lies behind the jargon. I got to visit a security center in Poland, see in practice how machine learning can help detect threats and learn how the landscape of security is changing.
But to experience the other side of the equation, I gave permission to the F-Secure team to try to hack me. The rules were simple: use a vulnerability, break in and do something.
One of the things that became obvious pretty soon was that this attack was not going to happen with any clever algorithm or brute force but through social engineering. The team would take advantage of the tiny everyday chores, habits and clues I’ve sprinkled everywhere online and use them to break in.
For the first few days I was suspicious of everything. From e-mail alerts notifying me of Squarespace domains getting old to doxxing attack warnings, from phone service confirmations to blinking mobile screens everything screamed scam. But there were just too many things to pay attention to, and auto-pilot kicks in easily. What happened? Check out the full documentary here.
After the documentary I did resolve to make changes in the way I protect my privacy and security online. But even more importantly I think I learned the same lesson as Alice in Wonderland, who after Lewis Carroll plunged her on the adventure thought “after such a fall as this, I shall think nothing of tumbling down stairs!”
There is no way you can protect yourself entirely online, especially as an organization.
What happens after the attack is what matters. An organization where employees don’t deny, panic or hide attacks is much more likely to pull through. A strategy for cyber security is as much about implementing the right hardware and software as it is about the right practices, culture and communication.
One more word on the cyber security people, who in my experience are among the most creative, curious and persistent people I’ve met. I think it’s worth redefining the way we talk about security for only their sake.
Not rigid, resistant.
Not pessimistic, persistent.
Not paranoid, paying attention.
This article was originally published by Linda Liukas.
Linda Liukas is a programmer, storyteller and illustrator. Her children’s book, Hello Ruby, is the “world’s most whimsical way to learn about technology, computing and coding.” Liukas founded Rails Girls, which has organized workshops in over 230 cities, teaching the basics of programming to more than 10,000 women. Linda worked at Codeacademy, which she left to write stories that teach children about software and programming. She won the 2013 Ruby Hero prize and was named the Digital Champion of Finland by the EU Commissioner for Digital Agenda.