More Cyber Security Nosedives on the Horizon
The Great Cyber Security ‘Fall’ 2017
J.R. Hildebrand, CEO
Raidian Global, Inc. November 15, 2017
The Equifax debacle and more: On September 7, 2017 we all learned that Equifax had been hacked and everything that I have been writing about has been validated, down to and including, cultural dysfunction. Note the previous post on this blog.
I find myself in a very uncomfortable position writing an “I told you so,” so soon after posting observations regarding inevitable hacks of mainstream, anchor-type financial institutions, among others. Although it appears that the hacks had already occurred or were underway at the time I wrote about their eventuality. I had been smelling the stench of something rotting somewhere in the system for many months. Not only has the Equifax debacle proven me correct on that front, but, under-published reports further prove my observations regarding the monstrous role that overlapping cultures and tribal expectations play toward these kinds of egregious failures. To more easily understand the underlying gist of what you just read, allow me to reference two political entities: Republicans and Democrats.
3 layers of tribal tradition.
As I researched the layers of information surrounding multiple recent hack events, I became increasingly aware of the depth of a subtle but complex stratum that feeds upon the very soul of educated ignorance.
It is now mid November and I had desperately wanted to publish this post in mid October. One of the downsides to having a world library at my fingertips is the fact that I keep getting sucked into the labyrinth of overwhelming volumes of information. Sorting things out, trying to discern truth from fantasy or fiction (fake news) is time consuming and somewhat at the heart of the most recent understanding of unenlightened tribalism. The Equifax episode reeks of the 3 layers of tribal traditions discussed below. Please keep reading.
Cultural impacts revisited:
In the Summer Report, I wrote; “Friends, you must realize and understand that this formulary of veiled ‘discovery and fix’ happens more often than not. Unfortunately, it seems the silent treatment is frequently applied, unethically; more to save face for developers than to ethically protect consumers from hackers. Demographics of culture, age, ethics and biases are huge issues.”
A friend who recently read the summer post challenged me and asked me if I wasn’t being a bit biased and bigoted with my remarks about ethnic and technological cultures. I had reported about how those cultural factors contributed to the vulnerability for being a hack target or perhaps even insider sabotage. I further know that by not addressing these issues directly they are only going to degenerate. Tribal instincts among certain IT folks is strengthening when it should be smoothly blending and bonding with other disciplines.
Alas and evidently, more proof of concept is required. The basis of negative cultural ideals on multiple tribal planes knows no boundaries.
Using the airlines as an example;
- A deadly KAL airline crash in London in 1999 (Flt 8509) was directly blamed on pilot error as the pilots were documented as being culturally dysfunctional. Communication necessary to avoid the crash did not take place because the co-pilot literally chose to die rather than take the chance on insulting his superior pilot with a simple question. Even more disturbing is the evidence that the captain refused to believe he was doing anything wrong. The final report lays the blame for the crash directly upon “autocratic cockpit culture” which is an extension of the crew’s ethnic culture. Fortunately, this was a cargo flight and only the crew perished.
- As recently as July 6, 2013, Asiana Flight 214 crashed upon approach to the San Francisco airport. Cultural pride and an unwillingness to admit lack of skill once again contributed to catastrophic consequences. None of the crew was actually qualified to fly the Boeing 777- especially in manual operational mode- but of course they were pilots – so thus they arrogantly assumed they could fly anything. Worse, the failed landing was their first ever landing at this airport.
These are just a couple examples of many highly documented tragedies attributed to cultural dysfunction in the past few decades. My observations stem from weeks of research heaped upon my own multiple years of working with Asian and middle-eastern ethnic cultures.
I am not being disrespectful; I am merely reporting truthful information on how antiquated cultural idioms have intersected with modern society. The two airline events reported here are reflective of a pattern that has legs. History repeating itself in the time frame reported means one thing; the lessons of failure wrought by ethnic culture have not been learned or acted upon with enough vigor to curb further repetition. At this juncture, I remind you that we are targeting these references as comparison to a vast majority of today’s corporate IT departments and their managers. Think about that last statement in conjunction to where we are today!
I have had extensive experience working with multiple Asian and East Indian groups and have had to make radical adjustments to operational procedures to be able to work within their skewed cultural behaviors.
Even with that understanding, I recently erred in thinking that a dozen years of newly globalized information would provide at least a partial a breakdown of most of the cultural dysfunction in the highly educated technology community. The 2015 “Cupcakes” situation was a wake-up call. Likewise, dozens of conversations with IT folks and their employers have added confirmation that pride, ego and territorial ignorance run deep.
It would seem that the more things change, the more some do not.
The Equifax fiasco has its roots in everything you just read and are about to read here. And, that is just Equifax: How many thousands of other businesses are following the same Cyber Security Failure model? Where do you fit in?
Triple layered tribal territorialism:
To condense what you have been reading into simpler terms, Cyber Security in the fall of 2017 is at the mercy of the three stooges:
- Mo; The ethnic/societal culture of “Hierarchy and self-honor above all else.”
- Curley; The territorial techno geek squad; over-confident, “don’t bother us, we know everything” club.
- Larry; The uninformed, indifferently permissive but technologically and financially constipated management team. Larry’s mantra is “I am a manager more worried about my golf handicaps and large profits because I don’t have time to pay attention to things I pay others for. And, I hate spending money on preventative measures… when the machine breaks I just replace it.”
3 layers of unsuspecting but collaborative, tribal-like tradition,
repeatedly taking the same old approach to cyber security
while expecting different results.
This less than professional mentality
is fertile ground for the malcontents we call hackers.
IT DOES NOT HAVE TO BE THIS WAY!
Are you a CEO or executive type person reading this?
Are you an IT person?
Both types are going to be reading this blog with different ‘eye’s” and attitudes, especially if the ethnic culture of hierarchy plays on either side.
If you are the possessive IT, “cover my butt and keep my job” tribal Mo and/or Curley type, you are going to be saying to yourself “Holy Crap – I can’t let the big boss read this!”
If you are a functional “Larry” boss and not actually a disconnected zombie, and if you are not already having a panic attack, then you will be soon.
Oh, are you offended by my oratory here? Then perhaps we are getting somewhere.
Before you go off excoriating J.R. Hildebrand as some kind of off-the wall lunatic, re-read and seriously think about what I have been sharing with you in the last several blog posts. Look at the big picture. Have you been disconnected from your IT and/or Cyber Security people? Have you been stingy with your budget – doing the same old things by putting different colors of lipstick on the same old pig while expecting bigger better results? Is your business one mere click away from malware- DDOS oblivion? When you come to your senses and you decide that you want to talk about how we can help you, go to https://raidian.com/contactus – send me an email.
By the way, did I mention that my radar is indicating both a major insurance and/or health care provider and a global financial institution may be the next targets? Equifax appears to have been a meager testing ground.
Merry Christmas and Happy Hanukkah.
No, theses are not greetings, but the possible ID’s for some nasty, end of the year back-door malware and phishing escapades and almost no one will be immune.
Key word; almost.
What is your vulnerability factor?