The Iron Jacket and Cyber Security Evolution Summer – 2017
Deadly new Cyber Security threats are coming to a business near you… very soon. Cyber mayhem is on the horizon. To bring better continuity to the collective underlying thoughts, this series of blog scripts has been re-set to perform more like a short book. Cyber Security is constantly evolving and growing. Can we do less and survive? As we have been plowing new ground, we have encountered moldy old artifacts.
What we have learned in recent months has brought our standard business plan to a screeching halt.
We have the world’s best cyber security products, but selling them under a standard business plan, without benefit of the following observations, would have been a colossal failure… one that I personally do not wish to be a part of. This treatise will explain why. It will also reveal insightful information that every business person needs to read. Be sure to read Post # 5 – “Spin the Bottle” as Cyber Security is about to become deadlier than ever.
POST # 1 Cupcakes full of surprises…
By J.R. Hildebrand, CEO, RADIAN Global, Inc.
May 2016 / edited and re-posted Summer 2017
In the summer of 2015, we at Raidian Global discovered a serious potential security breach within the general assembly of essential Internet access hardware. Units were being shipped from various factories to retail markets with built-in firmware flaws that could make every user vulnerable to multiple forms of hacking.
Because of the potential large-volume impact on a global basis, the only way to quickly deal with this issue was to make the manufacturers of these products aware of the issue and challenge them to immediately fix it. We labeled the exploit group “Cupcakes” and proceeded to privately contact the manufacturers. Our mission was to thwart a potential worldwide catastrophe without expectation of monetary gain. Getting through to them without demonstrably shaking their very cores was a larger, more time- and resource-consuming effort than we ever imagined. Just dealing with the initial denial of probability was disheartening at best.
An ounce of prevention.
We faced a conundrum of gigantic proportions. Handling our discoveries on a highly responsible basis was priority one. Going public with this information would have panicked the end users while also alerting hackers. This was a tough issue. Hackers who perhaps had not yet discovered the exploits would have a bonanza of opportunity to play with for the months that it would take to shut down the exploit portals. Looking at the big picture, we elected not to go public and surmised that widespread damage was diverted because of the silence. We gambled on manufacturers to do the right thing, but only under threat of negative public exposure did they respond. The IT personnel we contacted eventually, but reluctantly, reacted in a positive manner. However, to save face and embarrassment, they quietly went about correcting the issues in a somewhat covert fashion.
We tried to be a helpful partner, demonstrating to these folks our sincerity and capability in Cyber Security. We elected to take the high road to assist with no financial expectations for our help. We merely wanted the exposure for who we are and what we do and perhaps find a new collaborative partner. In this regard, we failed miserably. Yes, these folks all know who we are now. However, because of the culture of pride, we were summarily dismissed and ignored in order for management teams to save face with their bosses… who had no idea that a huge, potential crisis for them had in reality been diverted by a relatively unknown third party from an unlikely haven in Colorado.
We must explain here that we learned a valuable lesson about an underlying issue that lurks deep and has greater long-term consequences than you might initially think. Fact: many of these folks are of certain ethnicity where their ancestral cultures run deep. Within these ancient cultures, publicly admitting that one has made a mistake and following up with efforts to correct it is not readily accepted behavior. Therefore, when Raidian Global recognized “Cupcakes” for what it was and corrections were initiated by those whom we alerted, there were no big announcements. Corrections were launched with sudden and yet subtle, visually laid-back action. End users were softly encouraged to change passwords, update firmware and practice other security protocol with their equipment. This result presented a very sharp, double-edged sword. On one side, a potential catastrophic event was quietly foiled without causing panic and without giving hackers any play. However, on the other side, the stealth approach has unavoidably enabled a cultural lack of transparency and accountability.
Friends, you must realize and understand that this formulary of veiled ‘discovery and fix’ happens more often than not. Unfortunately, it seems the silent treatment is frequently applied unethically, more to save face for developers than to ethically protect consumers from hackers. Demographics of culture, age, ethics and biases are huge issues. It would seem that the more things change, the more some do not.
The next blog post will address these issues and how the stage is being set for more mayhem.
POST #2 Pride and Ego worse than hackers.
By J.R. Hildebrand, CEO, RADIAN Global, Inc.
August 2016 / edited and re-posted Summer 2017
Our previously reported experience with “Cupcakes” helped confirm emerging suspicions regarding how basic ego and pride affect IT and Cyber Security. The first two quarters of 2016 have provided us with greater understanding of the emerging dynamics that are forming modern business adjustments. However, some of these adjustments are taking a disturbing turn. Worse, in many cases there have been no adjustments and this failure to act has been buttressed with steadfast determination to do business as usual.
For instance, Part 1 of a very concerning trend is for IT engineers to imply to their employers that the IT team is a one-stop, fix-all, know-everything department, not necessarily needing any outside assistance for anything, including the rapid development of the exclusive arena of Cyber Security.
Part 2 is the boss that readily accepts the nonsense in part one as you just read. This happens because he or she does not understand anything beyond how to login on his/her desktop. This worked as a ‘get by’ measure a few years ago. Today it is a wretched crutch made with wet straw. No forward thinking company administrator should be too proud to admit they need to learn new stuff. If a company leadership is not willing to learn the basics and increase awareness, are they not inevitably setting themselves up for crippling cyber failure or worse, sabotage from within?
With their usually burdensome daily responsibilities, it is somewhat understandable that the bosses just want things to work. A good manager hires the best people available to handle a department, follow the company plan and deliver the expected results. SOP. It has worked well for businesses large and small for years.
Times and things have changed.
Remember, as we stated earlier, “The more things change, the more they stay the same?”
Technology has brought us Neurosurgeons, Podiatrists and a host of specialty medical practitioners in between. They all go to medical school and have the same basic training, but would you trust a Podiatrist to treat a brain tumor? Of course not. So why would you continue to expect your general IT person to understand and handle Cyber Security without having additional help, training and funding? Sadly, this is exactly what is happening, AND this is what hackers count on. The old IT attitude of “We do it all” has now become dangerously self-defeating.
Hackers are correctly expecting a “just-enough-to-get-by” indifference, fueled by ignorance and arrogance. These negative attributes serve as catalysts for successful hacks. One day soon we will see a Fortune 500 company on the verge of collapse… simply because of internal strife created by these very issues.
The technology driven changes we have experienced in our collective cultures during just the past decade are astounding, if not overwhelming. However, the manner in which these dazzling blessings may come to be used and/or abused is ultimately regulated by individual integrity and underlying primal, cultural instincts.
Businesses seem to all follow the same time-proven pattern; they build on an idea, then thrive on it, become complacent with success and eventually wither away. It is the nature of the technology beast and it feeds an ever-growing list. If we need to provide proof then you are beyond help. If you recognize this pattern which has played out in spades in recent years then you will be quick to understand that if we are not all growing by meeting the daily challenges, then we are coasting, and coasting is akin to dying! Becoming adaptable to change and making it work for you rather than against you has always been key to a successful future. Solve the problem by identifying it. This is currently playing out in our own business efforts and discussed in a separate post labeled, “181 Degree Adjustment.”
Like an addict who requires a family intervention to bring him into the severity of his problem, if you find yourself offended or scoffing at what you are reading here – then you are indeed the person that needs it most.
Particularly in these modern times, the conveniences we enjoy make it easy to delegate and get a job done without getting dirty. I have observed that the last thing most modern business leaders are willing to do is get in the trenches with their most basic employees. The TV show “Undercover Boss” (CBS) has changed the lives of many bosses and the people whom they employ when the boss goes “undercover” and gets into the trenches. But when you consider the masses of small to medium businesses, let alone the “Fortune 500,” functioning today, the ideas behind the show are only reaching a small fraction. The concept of the show proves the point that it is more difficult to delegate with definitive probable cause; in other words, definitive probable cause only comes from getting in the trenches to find the real issues behind what works and what does not. Just looking at the bottom line financially does not give you a realistic view of the overall health of your company.
Now, in addition to the normal past issues related to time, space, finances, personnel and product management, Internet management MUST make way for state-of-the-art Cyber Security. Not only has cyber security entered the mix, but most business managers have been blind-sided by the sheer magnitude and speed of changes wrought by its presence.
Unfortunately, many folks have not fully and positively responded to the changes. Perhaps unwilling to accept the requirements needed to meet new developments, the foot-dragger with a “Get By” mentality has unwittingly been the fuel that the hacking community thrives on. It is a historically recorded fact that arrogance, false confidence and misdirected responsibility are common covers for incompetence and ignorance. Take a look around. The signs may be subtle, but they are there and if you take a few moments to reflect upon what you have just been reading, you will begin to see and understand if you have not already grasped the message.
As of today, almost every business has already been hacked on some level. Most are just blissfully unaware. However, some know it but are not ready to admit so because of fear of retaliation and ramifications. FTC vs. Wyndham Hotels anyone? http://www2.ca3.uscourts.gov/opinarch/143514p.pdf
POST #3 Seven Steps
By J.R. Hildebrand, CEO, RADIAN Global, Inc.
FALL 2016 / edited and re-posted Summer 2017
Same theme… It would seem that the more things change, the more they stay the same.
Demographics of culture, age, ethics and biases are immeasurably influential issues as we move through the depths of rapid and ever-changing digital trends. Conversations with business leaders of all varieties and dispositions reveal a common universal and archaic fear of the unknown. Many are unwilling to talk about Cyber Security because they do not understand even the basics. Regardless of the modern informational avenues available, many of these folks seem to have one or more of the following rather unenlightened attitudes:
- Cyber Security is someone else’s problem or…
- We are not important enough for anyone to want to mess with us.
- This is a passing fad, the government will arrest a few people and the problem will go away.
- That is a “Dot Com” thing and we do not do “Dot Com” stuff. (I am not kidding – this was a very real observation from the CEO of a well-known company.)
And this is the most prolific problem…
- We have a good IT person and he/she has things covered.
Can you hear me screaming?
Would you consider anyone expressing these attitudes as a competent business manager?
No? Then why are there so many of them out there?
SEVEN STEPS TO EVENTUAL OBLIVION…*
…that hackers are counting on!
- “We are not ready for that.”
- “We have never done it that way before.”
- “We are doing alright the way things are.”
- “We tried that once before.”
- “It costs too much.”
- “That is not our responsibility.”
- “It just will not work.”
* Seven Steps to Stagnation by Erwin M. Soukup
Add to the list: “I do not understand computers and/or the Internet – I leave that to the professionals.” (This is another sad example of culture interfering with progress.)
Conclusive Observation for leadership and managers:
Ignore current tech trends and you might as well save yourself the drawn-out grief and close your doors today. Without embracing change, without personally being schooled in the basics of IT and Cyber Security functionality… your business will not survive long term.
However, if your heart is now pounding, your palms are sweaty and your mind seems about to explode, then you have a chance to recover.
The best insurance is:
HIRE more IT & Cyber Security folks. Pay them very well and consider making Cyber Security a solidly established part of your company identity… supported with a healthy budget.
The consultation you have received here is worth tens of thousands of dollars and has only cost you the investment of your time. We hope you will use this gift wisely.
POST # 4 “181 Degree Adjustment.”
By J.R. Hildebrand, CEO, RADIAN Global, Inc.
SPRING 2017 / edited and re-posted, SUMMER 2017
Problem 2010: Find a way to make a secure data management system that performs better than anything on the planet.
Solution 2010-2017: I recruited an amazing team, laid everything on the line and went for it.
Having found the haystack, RAIDIAN Global set about finding the needle and we did just that. When we first realized what amazing and unique technology we had, we were understandably giddy with the possibilities. After all, we had the entire global community as potential customers.
However, as we lined up and got ready to sell our products to the masses, something did not feel right. Inner whisperings were heeded and we personally toned down the pace. What you see in the current Iron Jacket Website is just a small portion of the work involved in actually being able to deliver and support the product sales. As we worked with multiple “Live” test case scenarios, we became very concerned about the precarious paths that we could travel without even more preparation.
The problem we have with owning the most un-hackable web security available is not just its potential for good, but how it might be misused for evil and nefarious purposes. We had already addressed that issue with deep vetting via an application and contractual process.
But then the “Cupcakes” issue surfaced.
That peculiar set of affairs was followed by one revelation after another. We were facing far deeper concerns regarding potential abuse by possibly and inadvertently permitting carte blanche security to unspecified users. In the face of emerging cultural and business contradictions our control base was woefully weak. There were dangerous roads ahead and it was time to slow down, take a deep breath and rethink our business plan.
We are not making donuts or selling T-shirts. We made the mistake of comparing our business product with conventional business models. We had begun selling up, small to large like any other business endeavor. We thought we could sell our way to financial success. But as we look back, to do so in a conventional way would have been irresponsible. Our ability to effectively and securely manage large numbers of small sales was bass-ackwards. We needed either a massive infusion of capital with a big partner, a large sale or both. That said, the mistake was caught in time and has actually laid a foundation for future large volume, small business activity. All of the efforts in the past few years have taught us that because we are already outside the conventional box, we must stay there. Because of the nature of our product and many of the variables you have read about in the previous three segments, we have taken painstaking and costly time to re-adjust and fully understand the re-direction we are now undertaking.
Our Websites will soon be redesigned to more appropriately reflect the changes. The Orange Connection, enterprise edition, is being re-branded “Private Digital Courier” (PDC) and will be the primary focus. PDC and The Iron Jacket are currently only available to a few large, deeply vetted partners. Expansion to serve others will proceed carefully from the top downward as finances and staffing allow. We are dedicated to responsible control of these unique and highly sophisticated products. Taking this top down approach will provide us with the resources to distribute our products accordingly.
We remain debt free and unencumbered in any way. Our integrity and ethics for good business has deep roots. The question is, do you have what it takes to join us?
POST # 5 Spin The Bottle
By J.R. Hildebrand, CEO, RADIAN Global, Inc.
LATE SPRING 2017 edited and re-posted, SUMMER 2017
For many years the city in the United States listed for having the highest number of killings is East St. Louis, Illinois. The murders are so plentiful; they go fairly much unreported in the media. Commonality has bred a disturbingly high level of tolerance and indifference.
Similarly, high volumes of vicious hacks of corporations and businesses also go unreported. While there has been no bloodshed (that we are aware of), thousands of lives have been turned inside-out. We are woeful at the disturbing trend of indifference and complacency. Unfortunately, these twins will be a catalyst to even bigger, more profound and destructive hacks. One of our daily e-mail reads is the Recorded Future Report. Just from this daily hack activity report alone, one has no choice but to realize the quality and quantities of malicious attacks are out of control. The current diet of hacks may not be front-page news every day, but it is there and growing. Global corporate technological ignorance and carelessness have set the table with fine linens, gleaming silverware and crystal goblets. Invitations have been sent and the main course is about to be served… All that remains is to spin the bottle. Are you on the menu?
Current cyber threats.
The malware sweeping Europe in the early summer of 2017 has a single underlying theme… hackers are exploiting the corporate frailties that we have reported here. Hackers do not care about the few large entities that have things somewhat buttoned up, rather they are relying on the masses of technologically dependent but dysfunctional businesses to be caught off guard.
The late spring and early summer surges are like the opera singer clearing her throat. Worse, malware as we currently recognize it is undergoing a transgender type change. Within the next few months (mid to late summer or early fall of 2017) malware that has already been placed “Cupcake”-style, will be triggered into action by the very measures originally designed to eliminate them. Picture a trim diver jumping back out of the water onto a springboard… only when he re-connects with the springboard, the diver is actually a nearly invisible elephant. Confused?
CLOAKED WITHIN THE DEEP WEB, EVERYTHING YOU THOUGHT YOU KNEW ABOUT CYBER TECH HAS ALREADY CHANGED!
The larva is about to emerge from the cocoon as an elephant, with teeth, like a great white shark. By the time financial and health care providers of all sizes understand that the elephant is in the room, the diver will have jumped. The only part that stays nearly the same is the ransom demands and the associated liability for failure of due diligence.
At this juncture, pleading ignorance is in itself a scathing indictment.
Businesses and individuals of all types will be hit, with the most crippling occurrences affecting financial and health care services. FINRA and HIPAA regulations will be compromised and abused in new and very disturbing ways. Mayhem and chaos will be the new business partners for many. Also, and unfortunately, from our observations, this palatial hack-fest is already underway. To re-emphasize; most have already been hacked but are just unaware. It is only a matter of time before one of our larger, most stoic monoliths of enterprise is brought to its knees by hackers.
Note that we have deliberately failed to mention names of some of the highly suspected (promoted?) malware programs; that is something for your own Cyber Security professional to identify. What we intend to do here is generate broad awareness and preparedness. If we were to single out one or two of our most concerning malevolent sequencers, too many folks would focus on them while allowing a back-door attack via yet another camouflaged exploit. Never let the enemy know that you know where they are hiding.
BOTTOM LINE –
THE MOST VALUABLE, BEST ADVICE THAT COSTS YOU NOTHING MORE THAN THE TIME IT TOOK YOU TO READ THIS…
- Re-read this series of posts and change what needs changing in your attitude and everything else that is currently a potentially negative drag on your business.
- Hire additional IT people and develop a division for Cyber Security personnel.
- Treat them well and pay them well.
- Provide them with the equipment and resources they need.
- Develop and follow a new company and employee operational plan that includes Cyber Security.
- Immerse yourself in learning everything you can about the technology used in your business, Cyber Security issues and your new technological ethics responsibilities.
- Apply for our Consulting*, Cyber Security and Secure Data Management Services. Please use the “Contact Us” page on this Website or https://raidian.com
* Consultations are discreet and conducted on base levels designed to educate and train business executives in terms they are familiar with and understand.