I got hit by a bus last week, and I don't mean that figuratively. Here's what happened: I was actually sitting in the back of an SUV moving about thirty miles per hour on a busy Los Angeles thoroughfare when a bus came out of nowhere driving about the same speed and slammed into us.
The vehicle I was riding in came to rest facing the wrong way in traffic. Stupidly, I was not wearing a seatbelt, and as a result was tossed across the backseat of the vehicle.
While I spend my days completely focused on cybersecurity issues, my first thought was not work-related. It was mild surprise. I actually said to the colleague who was on the phone, "Wow. I think we just got hit by a bus." It was only after the shock of impact sunk in that I realized that both the driver and I could have been killed.
You are probably like me when it comes to work; it is more or less always on your mind. The topic of discussion when the bus sideswiped us was election security, and, after getting out of the vehicle to absorb what had happened, I continued to work in the backseat of the crumpled SUV waiting for the police to arrive, discussing election security with my colleague.
That said, the conversation did wend its way to accidents, and that made sense. After all, a big part of a cybersecurity expert's job is riding herd in the aftermath of an "accident" and trying to help clients avoid future problems. The accidents and odd twists of bad luck or bad practices (or more commonly both) that cause breaches are what occupy me most.
My first thought when I got off the phone while waiting for the police to arrive really was that I'd just experienced the vehicular equivalent of a cybersecurity compromise.
Perspective is everything. The seriousness of getting hit wasn't immediately apparent to me because I was in the automotive equivalent of a tank. Likewise, data breaches aren't felt sometimes, albeit in a different way. Maybe they affect "someone else" or they discreetly occupy a small amount of computing power, used, for just one example, to record keystrokes.
Those stolen keystrokes, transmitted to a hostile party, can be used to usurp control of a network. Once a hacker is in, he or she can grab your most sensitive data, including trade secrets, or encrypt all your files and demand a ransom for the key to de-encrypt it. It could also be they commandeer just enough space to link your company's machines to other machines in a botnet. The exploits are as copious and varied as the humans out there thinking them up.
In the current environment of constant data emergency where one giant breach crashes into another like cars in a highway pile-up, and the security of data and the privacy of individuals is how you make a living, every waking moment (and even your dreams) can feel pretty perilous. The fact is, when it comes to cybersecurity, we are always occupying that moment just before the bus hit my Uber (a company that was, of course, recently "hit" by news of the mismanagement of a major data compromise).
Finally, the seatbelt is worth talking about.
I have long been in the habit of getting in the backseat of cars driven by perfect strangers, with no idea what sort of driver he or she is. That is no longer the case.
Only a mad genius would be able to write the algorithm capable of divining curbside whether or not the driver who turns to confirm you're you poses a significant risk of being in an accident. For the rest of us, there we are--hurtling through space in a metal and glass cage controlled by the great unknown in the form of a fallible human being. That is precisely what every day is like, whether you realize it or not, in the realm of privacy and cybersecurity.
The accident happened. One foot in either direction, a few miles per hour faster--and who knows what the outcome would have been. Cyberattacks come out of nowhere, just like that bus, even if you're doing everything right. It doesn't matter if your defenses are good. The attacker only has to find one thing you haven't thought about--even if you've spent millions on experts who spend their time thinking about every possible contingency and protecting against it.
Like it or not, take every conceivable precaution, and people will still get hit by buses. When it comes to cybersecurity, there's always an exception, and because of that there will always be successful attacks.