I have spent the last couple of weeks trying to resolve a security situation involving an online service that deals with some sensitive information. A parade of hardware and network changes, usernames, passwords and various flavors of 2FA don’t seem to have resolved it, so I’m left to deduce the problem isn’t on my end. Especially after everything that’s happened with Equifax, the simplest explanation – that the service provider messed up – does seem like the best one.
And, yet, I’ve read enough horror stories about online security that I can’t convince myself that’s the case. Maybe I’ve been hit with some nation-state-level shit that I just haven’t noticed yet and the only solution is to toss out literally every
device on my network and start anew. Today’s breaking news about the KRACK vulnerability
has not eased my mind.
But aside from an ulcer, this situation – combined with KRACK, Blueborne and whatever scary-as-hell vulnerability researchers discover next week – has also given me a new perspective on just how much personal information I want out on the web, and how many weak points I want to introduce in my defenses. What was once more than 20 devices on my network is now down to 5, and, so far, I’ve found it surprisingly easy to live without most of them.
Some of them might never be plugged in again. Not because I think they’re associated with my current situation, but because I’m afraid they could be the cause of some fresh hell later on. I’m starting to wonder whether playing a song on-demand or setting a timer with my voice is worth the risk of compromising my WiFi network and everything that entails.
Frankly, I’m generally questioning the wisdom of conducting any given transaction online when I could do the same thing in person. Sometimes this improves security and sometimes it doesn’t, but I think the deciding factor for a lot of people is time and convenience. The more I hear about online security vulnerabilities, the more my priorities shift.
I can’t imagine I’m alone in feeling this way, at least among people who remember a time without always being connected. I kind of doubt this will lead to a slowdown in sales of connected devices – because convenience is just so damn convenient – but I also believe that, at some point, something has got to give. What I can state for certain, however, is that I lost my app-connected universal remote the other day and I’ll be replacing it with one that doesn’t involve a WiFi connection.
I also think I would be remiss, given that this newsletter is focused on cloud computing and artificial intelligence, to not point out that both have already improved the state of security for many things and will continue to do so. I think most consumers, and even many enterprises, trust in companies like Amazon and Google to keep their data safe. Machine learning has helped seriously squelch spam and phishing attempts, and AI is poised to have a major impact on the way security teams identify and react to threats.
The problem often seems to boil down to users, and to the devices we keep in our pockets and data centers, or on our counters. It’s what happens between here and there that really needs fixing.