Daniel Miessler's Blog, page 102

Unsupervised Learning: No. 115

You'll like the typography better at Unsupervised Learning: No. 115. —

This week’s episode of Unsupervised Learning is now available. Subscribe below and get this episode’s podcast and newsletter.

This week’s topics: GitHub DDoS, Celebrite Attacks, AI warnings, Palantir in New Orleans, Grub Backspace, 4G attacks, Space Corps, Amazon wins Defense Department deal, tech news, human news, discovery, notes, recommendation, aphorism, and more…

Listen to this week’s Podcast

Read this week’s Newsletter

— I spend between 5 and 20 hours on this content every week, and if you are the generous type and can afford fancy coffee whenever you want, please consider becoming a member for just $10/month… Begin Membership… Thank you!

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on March 06, 2018 08:51

When Companies Stop Caring About Data Loss, Risk Will Be Resilience-based and Focused on Business Disruption and Human Safety

You'll like the typography better at When Companies Stop Caring About Data Loss, Risk Will Be Resilience-based and Focused on Business Disruption and Human Safety.

—

In 2013, I looked briefly at how being hacked affects a company’s stock price. More people are looking at this now, and the evidence seems to show that there is often a major dip, but after 6 to 12 months it’s hard to even notice it happened.

I’ve been worried for a long time that we’re getting Breach Fatigue. If only a few companies have been hacked, then the public will punish them with a lack of trust and less business. But if everyone’s been hacked, then consumers don’t have the choice to move their business to the invincible option (since none exists).

So what then?

If everyone’s been hacked, and consumers come to accept that it’s inevitable, then what incentive will companies have to do security?

I think the answer is that there are different types of breach, and that even if companies stop caring about losing customer data, they’ll still care about two other types of security failure.

Business Disruption
Human Safety

When I first started thinking about this, I was thinking that these three things (Data Loss, Business Disruption, and Human Safety) might map to the CIA triad, with data loss being confidentiality. That would have been a neat essay, but I don’t think it’s true.

Losing customer data is one type of risk, and it’s the one that’s served as the fuel for the Information Security industry so far. But this is only because humans used to have some measure of privacy because it was so hard to move information from one place to another. To take an individual’s information and give it to 100 different companies all over the world would have been supremely difficult before computers. Now it takes seconds.

I don’t see the loss of privacy as a failure of infosec. I see it as an inevitability of a data-powered economy.

If the metaphor is the swimming pool, data isn’t the urine in the water that we can’t get out. It’s the water itself. You could remove it, but then what would you have? Ultimately, privacy requires an empty pool. And given a choice, people will gladly provide the water to swim.

Anyway, once the fear of losing our data has been played out—which I’d argue we’re getting close to—I think we’ll move to other types of risk.

Business Disruption is one. It applies, obviously to business, where disruption to business means lost revenue and potentially the company going out of business. So, malware infections, intellectual property loss, denial of service attacks, corruption of data (integrity attacks), could all be examples. But Disruption can also apply to society. Stopping transportation. Preventing purchases online. Etc. In both cases you’re talking about losing money, value, opportunity, and trust in the underlying system.

So Disruption of business and society is an ever-present threat, and is arguably the most likely and most common type of risk (once data loss becomes a non-issue).

Even more visceral, though, is Human Safety. As we connect more and more systems to the internet, and then connect those things to each other, we’re looking at automating and using AI to control more and more of the systems that surround humans both in transit and at rest.

The opportunity for harm—both accidental and malicious—is about to grow exponentially, and this will make up the other major type of risk that companies and societies are looking to reduce.

Resilience is security

Begin Membership…

Thank you!

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on March 03, 2018 15:38

Safe Schools Are the New Luxury Item Because Now Only the Rich Have Stable and Present Families

You'll like the typography better at Safe Schools Are the New Luxury Item Because Now Only the Rich Have Stable and Present Families. —

We just saw another school shooting—this time in Parkland, Florida.

The shooter was some kind of foster kid with serious hate in his heart, obviously. The foster parents were devastated, and evidently tried to give him love, but the damage seems to have been too great.

He had a history of violence problems, a fascination with guns and knives, and was evidently loose with racist language. What seemed to set him off was a rejected lover getting with a Hispanic guy, which is strange since he himself has a Hispanic name and appearance.

Anyway, the point is that he was a foster child due to some sort of circumstance, he was bullied, and he became enraged enough due to jealousy over an ex-girlfriend to murder many people with a rifle.

The larger problem here isn’t that he did this. It’s that there are tens, or dozens, or hundreds, or thousands of other young men across the country who are somewhere close to this cocktail of volatility.

It starts at home. It starts with the lack of a stable, loving family.

If this kid had a present family that loved him, and he went through he same trouble with an ex, he’d have had that pain absorbed by them, and it would have come back as love. It still would have hurt, but he’d have gotten through it. As most kids do, in most families.

The problem is that, in America, more and more families are fragmented and distant to the point of either being absent or even worse—where the parents are essentially damaged kids themselves adding even more stress and pain to the child. They let them raise themselves. They beat them. They abandon them to be raised by grandparents or other family members.

Or maybe they’re actually decent parents (or one parent), but they’re so busy working low-income jobs that they’re not there to raise the kid. So they’re raised by poisoned peers and the street basically, with similar results.

This is a class issue. And the classes are separating.

I’m aware that there is a long history of rich parents ignoring their children, who grow up to be unhappy, or overly demanding parents producing unhappy adults, but when have you seen one of these kids shoot up a school?

The thing that rich families tend to have is two parents at home who absolutely love their kids, and spend excessive time and money on making sure they have what they want. This is the new signature of the rich, actually, whether they’re Asian, Indian, Jewish, or any other group—they start planning for their success long before conception.

They meticulously pick out every piece of furniture. They pick jobs for schools. They pick schools for college chances. They pick colleges for their eliteness. They basically plan, with ruthless precision, exactly how to make their kids part of the class that looks down on others.

Find any upscale neighborhood in the Bay Area, or anywhere else, and this is what you see. A young, educated husband and wife working tirelessly to manufacture a perfect runway for the perfect child.

Parkland is actually quite rich, but the shooter was adopted so definitely didn’t have the stable, present family I’m talking about.

Now lets go to their school. It’s likely private, but if it’s public it’s in such a rich neighborhood that all the parents are educated and successful.

How many shootings do we have where the shooter was raised by two, stable parents who loved them and did all they could to make them successful?

I’ve not done the research, but I’m guessing not many.

The country is not fragmenting by race as much as people think it is. It’s separating by class.

There are rich neighborhoods and rich private schools where the price of admission (usually) automatically filters for loving parents who care deeply about their kids. There are bad parents who slip through and just do whatever for their spoiled kids, but that’s likely to produce depression and drug use—not homicide.

And so kids who go to those schools will be safe. And kids who go to “regular” schools are surrounded by kids who are neglected, who have slightly older kids for parents, and who therefore get bullied with no emotional safety net at home to catch them.

Their sadness grows. Their depression grows. And for some of the boys, their hatred grows. And the only way to get noticed is to take a singular Alpha Male action to silence his opponents.

And that’s who “regular” kids have to go to school with.

Rich and educated parents actually don’t have a marriage crisis the way regular (poor) people do. Divorce rates are extremely centered around low-income families.

On all sides they’re surrounded by potential powder kegs and nuclear bombs. Regular people can’t afford college. Regular people aren’t getting married. Regular people can’t afford to survive because the middle-class jobs are evaporating.

So the parents are miserable. They’re divorcing. And the kids are stuck in the middle, often destined to do exactly as their parents did.

And when your kid is in a “regular” school, in America, in 2018, that’s who they’re sitting next to. Hundreds or thousands of kids who might have an absolutely abysmal life at home. No hope. No love. No opportunity.

Only despair and rage.

Education, a good diet, healthcare, solid news sources—all these things have become luxuries. And now we can add safety for kids in school to the list.

Notes

If you object to this because you didn’t grow up rich and you still have a stable and loving family, relax. My family was not rich either, and it was very loving and very stable. There are many exceptions to this, and those exceptions were a lot easier to come by 30 years ago than they are now. As the economy and life get harder, so does the creation of a loving family.

— I spend between 5 and 20 hours on this content every week, and if you are the generous type and can afford fancy coffee whenever you want, please consider becoming a member for just $10/month… Begin Membership… Thank you!

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on March 03, 2018 13:53

Safe Schools Are the New Luxury Item Because Only the Rich Have Stable and Present Families

You'll like the typography better at Safe Schools Are the New Luxury Item Because Only the Rich Have Stable and Present Families.

—