Derby Day is near! I remind you what you already know. A couple hundred seconds before 7 p.m. (ET) Saturday the gates will open for the select equine exemplars. Then, a couple hundred seconds later history will include the newest winner of the Kentucky Derby, America’s greatest race run continually since 1875.
You and I are continually in our own little races. We and our technological gadgets and internet-connected cars, appliances, and thermostats forever race against the bad guys. The hackers, scofflaws, ne’er-do-wells, and scammers of the digital age stand far afield from tradition, quite unlike the deeply engrained ethic of Churchill Downs and its community. Both sects are all about victory and exploiting their foes’ vulnerabilities. It’s noble to see Baffert, Velazquez, Pletcher, and Gutierrez take the rose garlands. It’s devious, meanwhile, to see the internet criminals and bad guys win their races. They seem to have the odds in their favor all too often.
It’s an unexpected comparison, seeing the Kentucky Derby vis-à-vis the day-to-day information security challenges. But, think about what goes into a racehorse’s development leading to those two minutes of utter excitement. Years of training. Tons of technology. Intelligence gathering. Tests and trials. Tweaking every nuanced one and zero, or lyrical stride, until the utmost is squeezed out of the “hardware.” Both cautioned against, but hard-pressed to avoid, looking over one’s shoulder to see how close the adversary is getting. All of that effort, typically by a team of like-minded supporters, just for the one moment when only one contender noses out the others, whether taking the Derby or the data. Millionaires can be made, as well, while greater numbers tend to represent the losing sides.
This contrived comparison, still worth your questioning of its validity, led me to think about how tough this race is for us mere plough horses in the security field paced by hackers. I considered how seriously and frequently we have to be aware of the field and its driven competitors trying to abscond with our personal, financial, health, and other data. Even on the most restful of days, when our screen time and plugged-in lives are somewhat, though barely, dormant, it is a constant battle. On Sunday, that is to say, I tracked just how aware and at risk I am in the face of these black hats.
I’m awakened by the iPhone’s alarm. Everything about your mobile device invokes security risk. It’s connected to the internet via some router in your home, typically wirelessly. Your phone, the router and the air in between them all pose entry points for criminals. Ever set your router up to give family or visitors access to your WiFi? You just opened up gads more doors, potentially, and that’s the case even if you are careful about passwords and reconfiguring the “temporary” access after they’ve left. Before I could shake off any security nightmares, I realized, and before I nabbed my first cup of joe, there were about umpteen vulnerabilities left open.
I’m one of the self-proclaimed coffee snobs. I have “a guy” who roasts my beans, and that’s all the farther I’ll drag you into my vice’s rabbit hole. All the esoteric coffee mumbo-jumbo aside, I get my daily brew through the mail and pay for it electronically. Another risk taken, albeit rather pedestrian. The half-and-half I judiciously pour in was not procured artisanally, and isn’t special. It was purchased with the rest of the lot of provisions with a payment card. That card gets managed online. It gets slid unwittingly into gas pumps’ magnetic readers, which could easily have had a skimmer installed that transmits card data to a nearby vehicle. Surely, some millions of Target card users back in 2014 understand these many risks inherent to payment card use.
Back to Sunday. Coffee in hand. Time for some annoying yet inviting talking heads and news pundits to take all the niceties of the world away from us. How do I view TV? I’m still a cord-holder, though have cut some of its braids away. Cable or satellite TV, the Netflix, Amazon, Hulu, Peacock, Apple+, and Chuck’s Screamin’ Streamin’ services each present ways in and out of my network, and each possesses some handfuls of valuable information about me and my money (and about my marketing and viewing proclivities, to get quite personal about it all). Forever and a day only my folks were immune from all this since they stuck to their air broadcast guns. When they moved last year to an area with internet, that changed and they’re now with the rest of us on streaming, but still unfazed by cable or satellite for the locals.
It would be most fitting if we could find a wee bit of solace in our spirituality. Ahh … not in the 21st century though. For me and my congregation, weekly donations are encouraged to be made virtually. We’ve only recently been invited back IRL, in real life, but the support will likely be preferred in this new mode for the long haul. Making donations shouldn’t cost more than the nominal amount, generous enough. However, now with yet another transaction that’s going into the ether first, we’re telling the bad guys out there that they have a new target, one, by the by, that may not be considered sophisticated in terms of its network defenses and data security.
In my thought exercise, I barely made it to noon on a lazy Sunday, of all days, without having realized dozens or more information security risks. There’s but one horse, of one particular age, that during a couple hundred seconds will make history Saturday. For us, the race never ends despite the stacked odds. Train, learn, adjust, and train some more. Maybe you make it to the end without falling, or the baddies go after others. Odds are….
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at firstname.lastname@example.org.