I don’t know if you heard, but recently a rather prominent business got hacked, and the Cybersecurity community responded – but not always in a good way.
The story of the multi-billion dollar business was all over social media and in online Cyber media too. Obviously, because of the sad passing of Queen Elizabeth II, the mainstream media didn’t pick up on the story, so the mainstream audience probably won’t have heard either.
If you're not sure what story I'm talking about, here's a link so you can take a look (I won't be talking about the incident, as such here).
But this blog isn’t so much about how the company affected responded, but about the community at large.
From what we know, the company affected responded in a responsible manner by alerting the media and their customers relatively quickly, or as quickly as they could.
The ‘how’ and ‘why’ questions will no doubt be picked over internally (and externally) for some time.
However, it was the response by the industry (on social media) that baffled me.
The influx of businesses jumping on the “It-wouldn’t-have-happened-if-you-used-our-product’ bandwagon was staggering! Even people who worked for organisations that had been hacked jumped on the ‘Use-our-product-to-stop-this-happening’ coach! Talk about throwing stones, when sitting in glass houses!?
Clearly, they have a short memory!
The amount of ‘Arm-chair Heroes’ who stepped up and told this company what they were doing wrong without any detailed understanding of the background was bewildering.
At times, I was dismayed to see a community I love, laugh and jeer and the affected company.
Let’s be perfectly clear… laughing, poking fun or ‘tutting’ and gleefully pushing your own agenda is the same as laughing at someone who has been in a car accident and is now on the way to the hospital!
Remember… it could happen to anyone! Yes, even you dear Salesperson with your lovely one-dimensional product!
What we need to remember
As stated above… this could happen to anyone. And no, it’s not a matter of ‘if’, or ‘when’, it’s a fact of life. It might happen to you.
Not everyone will be hacked, or be a victim of cybercrime, just as not everyone will be involved in a car accident. Not everyone will be mugged, or burgled, or be called for jury service!
But it might happen, so if it does, then we shouldn’t be so quick to pour scorn on those it has happened to.
Conclusion - What we need to learn
For all those people selling their products and services on the back of this, and other incidents you need to understand that there is no silver bullet. There is no such thing as 100% risk free, or 100% secure.
The mere act of doing business is a risk, and risks multiply by the number of people, devices and data we rely upon.
We need to learn from other people's life experiences and internalise their teachings. This is how we have evolved through the centuries.
Remember, our ancient ancestors didn’t laugh at the first person to be eaten by a sabre-tooth-tiger. They understood that anyone could be a victim, and they worked together to develop tools, techniques and teachings that would help avoid the risk or respond to it when it attacked.
Nothing has changed.
In conclusion, all I can say to the company affected – you will get through this and you’ll come out stronger for it. Well done on being transparent and best of luck to the Incident Response team and the recovery team.
To everyone else, just remember that next time it could be you… Just be kind. And if you can't be kind; Don’t be a dick!