CEO Perspective: The Good, The Bad, and The Ugly of AI

Ah, AI—the shiny new toy that promises to revolutionize everything from your morning coffee order to high-level business decisions. It’s fast, it’s efficient, and it can enable your organization to do more with the resources you already have. But like all good things, there’s a catch. Let’s break it down: the good, the bad, and the downright ugly of AI in today’s workplace. 


Sometimes It’s Not About Winning; It’s About Not Losing

 

A Letter From CodeHunter’s CEO

 

We’re all the heroes of our own story — even if that story is a series of unfortunate events. Sometimes our judgment is clouded, if not outright wrong.

And that’s okay.

In March each year, people celebrate “Everything You Think Is Wrong” Day because — despite our best efforts and good intentions — many of our decisions are just plain wrong, like parachute pants or mullets. Terrible decisions are timeless and the era of cybersecurity is no different.

Consider the marketing schemes that offer organizations “total protection” from today’s cyber threats. They claim to protect every nook and cranny and endpoint of your network, day and night, rain or shine, phishing or formjacking.

You might be thinking, “Wait. That does sound too good to be true… This is one of those bad judgment calls, isn’t it?” And you’d be right. It’s simply not possible.

The thing about being responsible for cybersecurity is that we know we can’t win; the best we can ever hope for is not to lose. Many of us could summarize our professional goals in our annual performance review as “Try not to get fired!”

Depressing? Not really. It’s not a terribly cheerful way to think about our work, but it also doesn’t take away from the important role we play in society. Someone has to do it. Cybersecurity is more critical today than it was even a year ago.

Fortunately, our stories are still being written, so we have the opportunity to do things differently — which is why we also celebrate “Everything You Do Is Right” Day. We can always revisit and learn from our own stories thus far, even if the only ones who appreciate the lessons learned are ourselves.

Sometimes it’s hard to keep this in mind after spending days — or perhaps months, or even years — feeling bad about the poor decisions we’ve made in the past, particularly when we’ve had to choose from a set of exquisitely bad alternatives (like hospital CISOs responding to ransomware).

In a world where things can go sideways at the click of a mouse, we know that what we do matters. We make a difference. While we are often ignored when things go right and vilified when things go wrong, giving up is not in our job description.

And so, I leave you with one last thought to guide you through your cybersecurity career — and through life:

 

“Success consists of getting up just one more time than you fall.” – Oliver Goldsmith

 


 

Letter From CodeHunter’s CEO, Larry Roshfeld: 2022 is the Year of Cybersecurity. AGAIN. (WTF?!)

 

“Those who cannot remember the past are condemned to repeat it.” — George Santayana

 

A traditional Christmas Eve dinner at my favorite dive Chinese restaurant always includes paper placemats with signs of the Chinese Zodiac. While waiting on the scallion pancakes and cold sesame noodles to kick off the inevitable overeating, we compare signs, animals, and personality attributes.

2022 is the Year of the Tiger. According to the Chinese Zodiac, children born in 2022 will be “loyal, trustworthy, and courageous fighters.” In contrast, I was born in the Year of the Pig, which means I’m “chivalrous, optimistic, and tell things like they are.” Ironic, huh? You can’t make this sh*t up!

In addition to 2022 being the Year of the Tiger, it is roughly the 5,237th “Year of Cybersecurity” since the Neolithic Period (at least by my count).

Every year, from their lofty towers, industry experts pontificate on the IT focus for the coming year. (If the marching band scene in the movie Animal House springs to mind, you’re on the right page.) Once again, 2022 is being recognized as the “Year of Cybersecurity” by industry thought leaders, including Security Magazine, Clearbridge Business Solutions, and ConShore Security.

The trouble is that leading cybersecurity pundits also made these same claims in 2021. And 2015. And 2008. And pretty much every year since cybersecurity first entered the English lexicon in 1989 — a year which also included Tiananmen Square, the Exxon Valdez, and two Top 40 songs by Jive Bunny & The Mastermixers!

If nothing else, yet another “Year of Cybersecurity” tells us three things:

  1. As always, cybersecurity remains a primary focus of attention.

  2. Cybersecurity will forever be a primary focus of attention.

  3. Industry pundits are committed to disproving Santayana’s quote about the definition of insanity. (No, it wasn’t Einstein. Yes, I’m sure! Go look it up… See, I told you so!)

Declaring a “Year of Cybersecurity” is like declaring victory when you’ve mowed the lawn or cleaned the kitchen. Sure, it looks nice for a few days, and it gives you a warm sense of satisfaction — but the painful truth is that the kitchen will need cleaning again in another week, and the lawn will grow in endless defiance of your mower’s blades.

Cybersecurity is like that stovetop or that backyard. You’d love to believe that you’ve “finished the job” once and for all and that you can move on to addressing some other projects. But you know in your heart, or at least you should, that the world doesn’t work that way. And pretending that you can “finish the job” of cybersecurity sets you, your management chain, and your team up for painful disappointment when the “cyber spaghetti sauce” once again ends up splattering all over your nice clean “cyber stovetop.”

There are no trophies for winning at cybersecurity, just as no one typically hands you a medal for successfully mowing your lawn. So instead of declaring 2022 yet another “Year of Cybersecurity,” let’s talk about what businesses should be paying attention to.

Here’s where you should start:

You’re Not Their Valentine, You’re Their Victim!

Romance Scams: Protect Your Hearts and Your Asse(t)s

I want to tell you about a friend of mine I’ll call “Pat.”

Pat met the one true love he had always dreamed of online. I’ll call her “The One.”

The One was perfect: A successful supermodel, highly educated, and, of course, infatuated with Pat. Pat and The One exchanged messages through a dating app for a few days. Pat told me they were “soulmates.” Everything Pat enjoyed or cared about (as detailed in Pat’s online profile) was a 100% match with The One.

What a coincidence!

Romance scams

Unfortunately for Pat (and many others), romance has become another victim of cyberattacks. Romance, a feeling of excitement and mystery associated with love, has turned into Fauxmance, a sense of disappointment and victimization associated with theft and deception. Singles of all ages, lonely and looking for connection, turn a blind eye to warning signs, falling for scams and swindles.

Like this 60-year-old woman from Wisconsin who’s out $1.2 million.

Or this woman who tried to help an overseas soldier’s son survive cholera.

Or Pat.

The One opined that she was short on cash for reasons too complicated and ludicrous to describe (including a failed investment in her uncle’s bait and donut shop). And money was the only thing that stood in the way of Pat and The One being together. The One wanted to jump on a plane at a moment’s notice to be with Pat. After all, they were meant to be together. Nothing could keep them apart.

Did I mention:

  • The One lived in Australia? (Pat is American.)

  • This was during the height of the Pandemic?

  • When Australia shut down all air traffic in and out of the country?

People have a tremendous capacity for self-deception. We can convince ourselves of almost anything, despite clear evidence to the contrary. That lonely supermodel on the dating app who just messaged me? Of course, they’re legit! Coupled with our chronic willingness to ignore intuition when searching for “The One,” it’s not surprising that so many people fall victim to online romance scams.

Poor Pat. The One just happened to “know someone who knew someone” and would be able to score a seat on a special charter flight from their home direct to Pat’s local airport!

 

What a coincidence! And the ticket was only $5,273!

 

Being a cautious person, Pat suggested they do a video conference first, but sadly, the camera on The One’s laptop was broken. Fortunately, The One was thoughtful enough to send Pat some graphic pictures and a couple of videos that left nothing to the imagination as coming attractions.

 

Pat used an app to send her $6,500, which covered the flight as well as parking at the airport and a kennel for her dog.

 

Sadly, the day before the flight, The One’s mother died from Covid. To assuage any suspicions on Pat’s part, The One thoughtfully sent pictures of the funeral. She rescheduled her flights, but a week later, The One’s father lost two fingers in a freak sheep shearing incident — and her brother was mauled by a pack of angry koalas while on a picnic.

 

The One was too traumatized by this horrible string of tragedies to travel, let alone leave her loved ones in their time of need. When Pat hinted at The One returning the $6,500, The One warned Pat that a sudden series of summer sunspots was about to “temporarily” cut off all communications with Australia.

 

At that point, Pat finally started to piece things together. The One was a romance scammer.

 

There are a few ways people can protect themselves from romance scams. Get started here:

 
  • Don’t send money to people online, especially people you haven’t met in person.

  • Be mindful of what you publish online — scammers can target you based on what they find publicly available.

  • If someone seems too perfect, they probably are.

  • If someone promises to see you and always cancels, they’re likely a scammer.

The FBI has a great list of additional things you can do to avoid these romance scams.

Pat’s out $6,500 and a big piece of his heart, though he’s slowly but surely recovering (apparently a new lady is on the horizon named “Bride-to-Be”).

Are you more interested in protecting your files than your heart? Get started here:

Letter From CodeHunter’s CEO, Larry Roshfeld: Why We Built CodeHunter

The first malicious computer virus hit the PC world in the early ’80s. The first commercial antivirus software for PCs launched a few years later — and the cybersecurity industry has been playing catch-up ever since.

We built CodeHunter to help break the endless cycle of cybersecurity racing to catch up to new threats — because it’s hard to lead if you’re constantly chasing someone else.

Building upon years of groundbreaking research, CodeHunter addresses a fundamental problem in cybersecurity: Software with unknown behavior poses unknown security risks. To put it more simply, if you don’t know what a software program can do, how can you possibly know if it’s safe? Faced with solving this problem, we built CodeHunter to do one seemingly simple thing: automate the discovery of potentially dangerous software, known or unknown. Not surprisingly, automating this process turned out not to be so simple — but you probably saw that coming.

Using advanced mathematics-based technology, CodeHunter automatically calculates all the behaviors a software program can exhibit, identifying any behaviors and code that are potentially dangerous. Designed to recognize the past — known malware — and the future — new, previously unknown types of attacks — CodeHunter fundamentally changes the stakes of cybersecurity. The good guys are no longer on the defensive; now, they’re one step ahead, using tomorrow’s technology to solve today’s problems.

With CodeHunter, organizations can now not only thoroughly investigate a suspicious file, but they can also automatically scan thousands of application files, ensuring that old executables, new executables, and even programs still under development are truly safe.

History teaches us that our greatest strengths often expose our greatest weaknesses. We live in a world enabled by technology — and, whether motivated by politics or profit, there are those who wake up every morning thinking about how to use technology not to help, but to harm. We built CodeHunter to automate and strengthen our defenses and to help protect our world from those who would seek to cause harm — today and in the future.